Closed arteonprifti closed 1 month ago
To me, this is related to how to use the SSE-c with the on-premise environment. What is the OSS backend in your environment?
I only find MinIO related document https://min.io/docs/minio/macos/administration/server-side-encryption/server-side-encryption-sse-c.html.
Indeed, this was because of a misconfiguration of the s3 on premise. After fixing it, the error is gone. Thanks for the help
What steps did you take and what happened: When trying to back up to a self-signed s3 server using the sse-c and giving the caCert the backup fails with
InvalidArgument: Requests specifying Server Side Encryption with Customer provided keys must be made over a secure connection.\n\tstatus code: 400
This seems to indicate that the server is not being called using
https
Trying without sse-c, the backup is successful. The same issue happens on v1.8.2 and v1.9.2 as well, with the same error.Config:
kubectl logs deployment/velero -n velero
velero backup describe <backupname>
orkubectl get backup/<backupname> -n velero -o yaml
Phase: Failed (run
velero backup logs nginx-backup-5
for more information)Namespaces: Included: ingress-nginx Excluded:
Resources: Included: * Excluded:
Cluster-scoped: auto
Label selector: