mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
46 lines
1.5 KiB
Plaintext
46 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * backup_and_restore/application_backup_and_restore/configuring-oadp.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="oadp-self-signed-certificate_{context}"]
|
|
= Enabling self-signed CA certificates
|
|
|
|
[role="_abstract"]
|
|
You must enable a self-signed CA certificate for object storage by editing the `DataProtectionApplication` custom resource (CR) manifest to prevent a `certificate signed by unknown authority` error.
|
|
|
|
.Prerequisites
|
|
|
|
* You must have the OpenShift API for Data Protection (OADP) Operator installed.
|
|
|
|
.Procedure
|
|
|
|
* Edit the `spec.backupLocations.velero.objectStorage.caCert` parameter and `spec.backupLocations.velero.config` parameters of the `DataProtectionApplication` CR manifest:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: oadp.openshift.io/v1alpha1
|
|
kind: DataProtectionApplication
|
|
metadata:
|
|
name: <dpa_sample>
|
|
spec:
|
|
# ...
|
|
backupLocations:
|
|
- name: default
|
|
velero:
|
|
provider: aws
|
|
default: true
|
|
objectStorage:
|
|
bucket: <bucket>
|
|
prefix: <prefix>
|
|
caCert: <base64_encoded_cert_string>
|
|
config:
|
|
insecureSkipTLSVerify: "false"
|
|
# ...
|
|
----
|
|
+
|
|
where:
|
|
+
|
|
`caCert`:: Specifies the Base64-encoded CA certificate string.
|
|
`insecureSkipTLSVerify`:: Specifies the `insecureSkipTLSVerify` configuration. The configuration can be set to either `"true"` or `"false"`. If set to `"true"`, SSL/TLS security is disabled. If set to `"false"`, SSL/TLS security is enabled.
|