Enhancement: added --insecure-tls

eunames commented 6 months ago

Summary

Short summary of what's included in the PR
Give special note to breaking changes: List the exact changes or provide links to documentation.

Checklist

For Code changes

[x] Categorize the PR by setting a good title and adding one of the labels: bug, enhancement, documentation, change, breaking, dependency as they show up in the changelog
[ ] PR contains the label area:operator
[x] Link this PR to related issues
[x] I have not made any changes in the charts/ directory.

Added the oportunity to set a flag --insecure-tls for the restic command. If you want to set the flag --insecure-tls you should set env SET_INSECURE_TLS_FLAG to true in deployment of k8up operator.

Example:

  template:
    spec:
      containers:
      - args:
        - operator
        env:
        - name: BACKUP_ENABLE_LEADER_ELECTION
          value: "true"
        - name: BACKUP_OPERATOR_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: SET_INSECURE_TLS_FLAG
          value: "true"

fixed: https://github.com/k8up-io/k8up/issues/792 https://github.com/k8up-io/k8up/issues/882 https://github.com/k8up-io/k8up/discussions/881

eunames commented 5 months ago

Hi It a more flexible solution i think. Now customer can set SET_INSECURE_TLS_FLAG in an operator level like was before and/or in a backup card. So now customer can set flag in the deployment of k8up operator

 template:
     spec:
       containers:
       - args:
         - operator
         env:
         - name: BACKUP_ENABLE_LEADER_ELECTION
           value: "true"
         - name: BACKUP_OPERATOR_NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
         - name: SET_INSECURE_TLS_FLAG
           value: "true"

Or/and

in the backup card set a flag insecureTLS

apiVersion: k8up.io/v1
 kind: Backup
 metadata:
   name: backup-true
 spec:
   failedJobsHistoryLimit: 2
   successfulJobsHistoryLimit: 2
   backend:
     repoPasswordSecretRef:
        .....
     insecureTLS: true
     s3:
        ....

A value TRUE in the operator level has priority over a value FALSE in the backup card

But I'm not sure that I've considered all the options when customer can use an insecire connection!!! and testing...... Sorry :(

Kidswiss commented 5 months ago

A value TRUE in the operator level has priority over a value FALSE in the backup card

This feels somewhat like the wrong way around. All other operator level options have less precedence than the options in the backup object.

Also, are you still testing, or is this ready for a re-review from my side?

eunames commented 5 months ago

Ready. Unfortunate, i can't start buil-in tests (kind's finished with error) and do manual testing at a good level. I think a probability of errors is high.

Kidswiss commented 4 months ago

Ready. Unfortunate, i can't start buil-in tests (kind's finished with error) and do manual testing at a good level. I think a probability of errors is high.

You're right, a few tests are currently failing. Could you take a look at them?

k8up-io / k8up