mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00
openshift-docs/modules/oadp-secrets-for-different-credentials.adoc
2022-07-20 11:12:46 +03:00


// Module included in the following assemblies:
//
// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
:_content-type: PROCEDURE
[id="oadp-secrets-for-different-credentials_{context}"]
ifdef::installing-oadp-aws[]
= Creating profiles for different credentials

If your backup and snapshot locations use different credentials, you create separate profiles in the `credentials-velero` file.

Then, you create a `Secret` object and specify the profiles in the `DataProtectionApplication` custom resource (CR).

.Procedure

. Create a `credentials-velero` file with separate profiles for the backup and snapshot locations, as in the following example:
+
[source,terminal]
----
[backupStorage]
aws_access_key_id=<AWS_ACCESS_KEY_ID>
aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
[volumeSnapshot]
aws_access_key_id=<AWS_ACCESS_KEY_ID>
aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
----
. Create a `Secret` object with the `credentials-velero` file:
+
[source,terminal,subs="attributes+"]
----
$ oc create secret generic {credentials} -n openshift-adp --from-file cloud=credentials-velero
----
. Add the profiles to the `DataProtectionApplication` CR, as in the following example:
+
[source,yaml,subs="attributes+"]
----
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: <dpa_sample>
  namespace: openshift-adp
spec:
...
  backupLocations:
    - name: default
      velero:
        provider: {provider}
        default: true
        objectStorage:
          bucket: <bucket_name>
          prefix: <prefix>
        config:
          region: us-east-1
          profile: "backupStorage"
        credential:
          key: cloud
          name: {credentials}
  snapshotLocations:
    - name: default
      velero:
        provider: {provider}
        config:
          region: us-west-2
          profile: "volumeSnapshot"
----
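
The following pre-flight check is an added example, not part of the OADP documentation. It confirms that every `profile` named in the `DataProtectionApplication` CR exists in `credentials-velero` with both keys set, before you create the `Secret`. The function names and sample values are hypothetical and constructed for illustration, and the script matches `profile:` lines textually rather than parsing YAML.

```shell
#!/usr/bin/env bash
# Added example (not from the OADP docs): verify DPA profile references
# against the credentials-velero file before creating the Secret.

# Print each [profile] that defines both AWS keys with non-empty values.
complete_profiles() {
  awk '
    function flush() { if (name != "" && id && secret) print name }
    /^[ \t]*\[.*\][ \t]*$/ {
      flush(); name = $0
      sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
      id = 0; secret = 0; next
    }
    /^[ \t]*aws_access_key_id[ \t]*=[ \t]*[^ \t]/     { id = 1 }
    /^[ \t]*aws_secret_access_key[ \t]*=[ \t]*[^ \t]/ { secret = 1 }
    END { flush() }
  ' "$1"
}

# Print the distinct values of `profile:` keys in the DPA manifest.
referenced_profiles() {
  sed -n 's/^[[:space:]]*profile:[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | sort -u
}

# Return 0 only if every referenced profile is complete in the credentials file.
check_profiles() {
  local creds=$1 dpa=$2 rc=0 p
  for p in $(referenced_profiles "$dpa"); do
    if ! complete_profiles "$creds" | grep -qxF -- "$p"; then
      echo "profile '$p' missing or incomplete in $creds" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input: placeholder credentials and a trimmed DPA spec.
demo_dir=$(mktemp -d)
cat > "$demo_dir/credentials-velero" <<'EOF'
[backupStorage]
aws_access_key_id=EXAMPLEKEYID1
aws_secret_access_key=example-secret-1
[volumeSnapshot]
aws_access_key_id=EXAMPLEKEYID2
EOF
printf '%s\n' '  config:' '    profile: "backupStorage"' \
  '  config:' '    profile: "volumeSnapshot"' > "$demo_dir/dpa.yaml"
chmod 600 "$demo_dir/credentials-velero"   # the file holds long-lived keys
check_profiles "$demo_dir/credentials-velero" "$demo_dir/dpa.yaml" || echo "fix credentials-velero before running oc create secret"
```

In the constructed sample, the `volumeSnapshot` profile lacks `aws_secret_access_key`, so the check fails until that line is added.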
endif::[]
ifdef::installing-oadp-azure,installing-oadp-gcp,installing-oadp-ocs,installing-oadp-mcg[]
= Creating secrets for different credentials

If your backup and snapshot locations use different credentials, you must create two `Secret` objects:

* Backup location `Secret` with a custom name. The custom name is specified in the `spec.backupLocations` block of the `DataProtectionApplication` custom resource (CR).
* Snapshot location `Secret` with the default name, `{credentials}`. This `Secret` is not specified in the `DataProtectionApplication` CR.

.Procedure

. Create a `credentials-velero` file for the snapshot location in the appropriate format for your cloud provider.

. Create a `Secret` for the snapshot location with the default name:
+
[source,terminal,subs="attributes+"]
----
$ oc create secret generic {credentials} -n openshift-adp --from-file cloud=credentials-velero
----
. Create a `credentials-velero` file for the backup location in the appropriate format for your object storage.
. Create a `Secret` for the backup location with a custom name:
+
[source,terminal,subs="attributes+"]
----
$ oc create secret generic <custom_secret> -n openshift-adp --from-file cloud=credentials-velero
----
. Add the `Secret` with the custom name to the `DataProtectionApplication` CR, as in the following example:
endif::[]
ifdef::installing-oadp-azure[]
+
[source,yaml,subs="attributes+"]
----
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: <dpa_sample>
  namespace: openshift-adp
spec:
...
  backupLocations:
    - velero:
        config:
          resourceGroup: <azure_resource_group>
          storageAccount: <azure_storage_account_id>
          subscriptionId: <azure_subscription_id>
          storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY
        credential:
          key: cloud
          name: <custom_secret> <1>
        provider: azure
        default: true
        objectStorage:
          bucket: <bucket_name>
          prefix: <prefix>
  snapshotLocations:
    - velero:
        config:
          resourceGroup: <azure_resource_group>
          subscriptionId: <azure_subscription_id>
          incremental: "true"
        name: default
        provider: {provider}
----
<1> Backup location `Secret` with custom name.
endif::[]
ifdef::installing-oadp-gcp[]
+
[source,yaml,subs="attributes+"]
----
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: <dpa_sample>
  namespace: openshift-adp
spec:
...
  backupLocations:
    - velero:
        provider: {provider}
        default: true
        credential:
          key: cloud
          name: <custom_secret> <1>
        objectStorage:
          bucket: <bucket_name>
          prefix: <prefix>
  snapshotLocations:
    - velero:
        provider: {provider}
        default: true
        config:
          project: <project>
          snapshotLocation: us-west1
----
<1> Backup location `Secret` with custom name.
endif::[]
ifdef::installing-oadp-mcg[]
+
[source,yaml,subs="attributes+"]
----
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: <dpa_sample>
  namespace: openshift-adp
spec:
...
  backupLocations:
    - velero:
        config:
          profile: "default"
          region: minio
          s3Url: <url>
          insecureSkipTLSVerify: "true"
          s3ForcePathStyle: "true"
        provider: {provider}
        default: true
        credential:
          key: cloud
          name: <custom_secret> <1>
        objectStorage:
          bucket: <bucket_name>
          prefix: <prefix>
----
<1> Backup location `Secret` with custom name.
endif::[]
ifdef::installing-oadp-ocs[]
+
[source,yaml,subs="attributes+"]
----
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: <dpa_sample>
  namespace: openshift-adp
spec:
...
  backupLocations:
    - velero:
        provider: <provider>
        default: true
        credential:
          key: cloud
          name: <custom_secret> <1>
        objectStorage:
          bucket: <bucket_name>
          prefix: <prefix>
----
<1> Backup location `Secret` with custom name.
endif::[]