diff --git a/Dockerfile.kopia b/Dockerfile.kopia index 1255a6799..7b98ea10a 100644 --- a/Dockerfile.kopia +++ b/Dockerfile.kopia @@ -7,10 +7,9 @@ RUN microdnf install -y bash vim make wget gpg ca-certificates yum && \ RUN curl -LJO https://github.com/kopia/kopia/releases/download/v0.14.1/kopia-0.14.1.x86_64.rpm -RUN yum install -y kopia-0.14.1.x86_64.rpm - WORKDIR / COPY ./bin/kopiaexecutor / +COPY ./kopia /usr/bin/ -ENTRYPOINT ["/kopiaexecutor"] \ No newline at end of file +ENTRYPOINT ["/kopiaexecutor"] diff --git a/kopia b/kopia new file mode 100755 index 000000000..2f5397a96 Binary files /dev/null and b/kopia differ diff --git a/pkg/controllers/dataexport/reconcile.go b/pkg/controllers/dataexport/reconcile.go index c7e2bca09..daa5dab39 100644 --- a/pkg/controllers/dataexport/reconcile.go +++ b/pkg/controllers/dataexport/reconcile.go @@ -2127,6 +2127,7 @@ func createS3Secret(secretName string, backupLocation *storkapi.BackupLocation, credentialData["type"] = []byte(backupLocation.Location.Type) credentialData["password"] = []byte(backupLocation.Location.RepositoryPassword) credentialData["disablessl"] = []byte(strconv.FormatBool(backupLocation.Location.S3Config.DisableSSL)) + credentialData["sse"] = []byte(backupLocation.Location.S3Config.SSE) err := utils.CreateJobSecret(secretName, namespace, credentialData, labels) return err diff --git a/pkg/executor/common.go b/pkg/executor/common.go index 40b3d3371..cc2aad93f 100644 --- a/pkg/executor/common.go +++ b/pkg/executor/common.go @@ -37,6 +37,7 @@ const ( secretAccessKeyPath = "/etc/cred-secret/secretAccessKey" bucketPath = "/etc/cred-secret/path" endpointPath = "/etc/cred-secret/endpoint" + sseTypePath = "/etc/cred-secret/sse" passwordPath = "/etc/cred-secret/password" regionPath = "/etc/cred-secret/region" disableSslPath = "/etc/cred-secret/disablessl" @@ -90,6 +91,7 @@ type S3Config struct { // Region will be defaulted to us-east-1 if not provided Region string DisableSSL bool + SseType string } // AzureConfig specifies the config required to connect to Azure Blob Storage @@ -345,6 +347,13 @@ func parseS3Creds() (*Repository, error) { return nil, fmt.Errorf(errMsg) } + sseType, err := os.ReadFile(sseTypePath) + if err != nil { + errMsg := fmt.Sprintf("failed reading data from file %s : %s", sseTypePath, err) + logrus.Errorf("%v", errMsg) + return nil, fmt.Errorf(errMsg) + } + disableSsl, err := os.ReadFile(disableSslPath) if err != nil { errMsg := fmt.Sprintf("failed reading data from file %s : %s", disableSslPath, err) @@ -361,6 +370,7 @@ func parseS3Creds() (*Repository, error) { repository.S3Config.AccessKeyID = string(accessKey) repository.S3Config.SecretAccessKey = string(secretAccessKey) repository.S3Config.Endpoint = string(endpoint) + repository.S3Config.SseType = string(sseType) repository.S3Config.DisableSSL = isSsl repository.Type = storkapi.BackupLocationS3 region, err := os.ReadFile(regionPath) diff --git a/pkg/executor/kopia/kopiabackup.go b/pkg/executor/kopia/kopiabackup.go index 8dbed42d7..2f5c2412c 100644 --- a/pkg/executor/kopia/kopiabackup.go +++ b/pkg/executor/kopia/kopiabackup.go @@ -181,6 +181,13 @@ func populateS3AccessDetails(initCmd *kopia.Command, repository *executor.Reposi initCmd.AddArg(repository.S3Config.AccessKeyID) initCmd.AddArg("--secret-access-key") initCmd.AddArg(repository.S3Config.SecretAccessKey) + initCmd.AddArg("--sseType") + // At present the backuplocation CR was set with "AES256" value for SSE-S3. + // So need to do this conversion. + switch repository.S3Config.SseType { + case "AES256": + initCmd.AddArg("SSE-S3") + } return initCmd }