mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
45 lines
1.4 KiB
Plaintext
45 lines
1.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * backup_and_restore/application_backup_and_restore/configuring-oadp.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="oadp-self-signed-certificate_{context}"]
|
|
= Enabling self-signed CA certificates
|
|
|
|
[role="_abstract"]
|
|
You must enable a self-signed CA certificate for object storage by editing the `DataProtectionApplication` custom resource (CR) manifest to prevent a `certificate signed by unknown authority` error.
|
|
|
|
.Prerequisites
|
|
|
|
* You must have the OpenShift API for Data Protection (OADP) Operator installed.
|
|
|
|
.Procedure
|
|
|
|
* Edit the `spec.backupLocations.velero.objectStorage.caCert` parameter and `spec.backupLocations.velero.config` parameters of the `DataProtectionApplication` CR manifest:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: oadp.openshift.io/v1alpha1
|
|
kind: DataProtectionApplication
|
|
metadata:
|
|
name: <dpa_sample>
|
|
spec:
|
|
# ...
|
|
backupLocations:
|
|
- name: default
|
|
velero:
|
|
provider: aws
|
|
default: true
|
|
objectStorage:
|
|
bucket: <bucket>
|
|
prefix: <prefix>
|
|
caCert: <base64_encoded_cert_string> <1>
|
|
config:
|
|
insecureSkipTLSVerify: "false" <2>
|
|
# ...
|
|
----
|
|
<1> Specify the Base64-encoded CA certificate string.
|
|
<2> The `insecureSkipTLSVerify` configuration can be set to either `"true"` or `"false"`. If set to `"true"`, SSL/TLS security is disabled. If set to `"false"`, SSL/TLS security is enabled.
|
|
|
|
|