Open quangthe opened 2 months ago
@quangthe per my undertstanding, this is customized for Tencent COS only.
This can be done by supporting additional flag in the BSL configuration, but I'm reluctant to put it in upstream, b/c I don't see we will have resource to test against tencent.
Therefore, in short term, I suggest you fork the plugin and implemented in the downstream.
@reasonerjt AWS also has virtual hosting. https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html It might also be possible to do this for minio.
@reasonerjt AWS also has virtual hosting.
Yes and that's the default setting for AWS SDK
Hi @reasonerjt
Set s3ForcePathStyle="false"
seems working for Backup Location.
velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.2.1 --bucket <bukcet> \
--secret-file ./credentials-velero \
--use-node-agent \
--default-volumes-to-fs-backup \
--backup-location-config \
region=ap-shanghai,s3ForcePathStyle="false",s3Url=https://cos.ap-shanghai.myqcloud.com
BackupStorageLocations: default
looks like this
spec:
config:
region: ap-shanghai
s3ForcePathStyle: 'false'
s3Url: https://cos.ap-shanghai.myqcloud.com/
default: true
objectStorage:
bucket: <bucket>
provider: aws
But we have another issue with FSB kopia/restic integration.
The BackupRepository (created by velero) still use the path-styled URL which is rejected by Tencent COS.
apiVersion: velero.io/v1
kind: BackupRepository
metadata:
creationTimestamp: '2024-04-22T08:17:56Z'
generateName: keycloak-default-restic-
generation: 5
labels:
velero.io/repository-type: restic
velero.io/storage-location: default
velero.io/volume-namespace: keycloak
name: keycloak-default-restic-8j9qm
namespace: velero
spec:
backupStorageLocation: default
maintenanceFrequency: 168h0m0s
repositoryType: restic
resticIdentifier: >-
s3:https://cos.ap-shanghai.myqcloud.com/<bucket>/restic/keycloak
status:
message: >-
error running command=restic init
--repo=s3:https://cos.ap-shanghai.myqcloud.com/<bucket>/restic/keycloak
--password-file=/tmp/credentials/velero/velero-repo-credentials-repository-password
--cache-dir=/scratch/.cache/restic, stdout=, stderr=Fatal: create repository
at
s3:https://cos.ap-shanghai.myqcloud.com/<bucket>/restic/keycloak
failed: client.BucketExists: The bucket you are attempting to access must be
addressed using COS virtual-styled domain.
: exit status 1
phase: NotReady
@quangthe Hello, you from Tencent, The bucket you are attempting to access must be addressed using COS virtual-styled domain he BackupRepository (created by velero) still use the path-styled URL which is rejected by Tencent COS. Is it resolved
What steps did you take and what happened:
Install velero on Tencent TKE cluster: https://velero.io/docs/main/contributions/tencent-config/.
Get backup location
Output:
Velero logs
What did you expect to happen: Backup location should be available.
Anything else you would like to add: Tencent COS Bucket Domain: https://www.tencentcloud.com/document/product/436/57456
cos.<Region>.myqcloud.com/<BucketName-APPID>
<BucketName-APPID>.cos.<Region>.myqcloud.com
Environment:
velero version
):v1.12.1
velero client config get features
):kubectl version
):1.26