feat(velero): add support for mitm proxy #2170

Open
wants to merge 29 commits into
base: main
emosbaugh (Member) commented May 15, 2025

What this PR does / why we need it:

Adds a backup and restore test to proxy and mitm proxy e2e tests.

Before this change MITM proxy fails backup

https://github.com/replicatedhq/embedded-cluster/actions/runs/15061277910/job/42337183201?pr=2170

time="2025-05-16T05:55:19Z" level=error msg="backup failed" backuprequest=velero/application-rp47t controller=backup error="error checking if backup already exists in object storage: rpc error: code = Unknown desc = operation error S3: HeadObject, exceeded maximum number of attempts, 3, https response error StatusCode: 0, RequestID: , HostID: , request send failed, Head \"https://s3.amazonaws.com/kots-testim-snapshots/TestInstallWithMITMProxy-15061277910-1/backups/application-rp47t/velero-backup.json\": tls: failed to verify certificate: x509: certificate signed by unknown authority" error.file="github.com/vmware-tanzu/velero/pkg/controller/backup_controller.go:648" error.function="github.com/vmware-tanzu/velero/pkg/controller.(*backupReconciler).runBackup" logSource="pkg/controller/backup_controller.go:291"

Which issue(s) this PR fixes:

Does this PR require a test?

Does this PR require a release note?


Does this PR require documentation?

emosbaugh changed the title from "Emosbaugh/sc 123408/mount ca into velero containers" to "feat(velero): add support for mitm proxy" on May 15, 2025

github-actions bot commented May 15, 2025

This PR has been released (on staging) and is available for download with an embedded-cluster-smoke-test-staging-app license ID.

Online Installer:

curl "https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci/appver-dev-04a23b8" -H "Authorization: $EC_SMOKE_TEST_LICENSE_ID" -o embedded-cluster-smoke-test-staging-app-ci.tgz

Airgap Installer (may take a few minutes before the airgap bundle is built):

curl "https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci-airgap/appver-dev-04a23b8?airgap=true" -H "Authorization: $EC_SMOKE_TEST_LICENSE_ID" -o embedded-cluster-smoke-test-staging-app-ci.tgz

Happy debugging!

emosbaugh force-pushed the emosbaugh/sc-123408/mount-ca-into-velero-containers branch from 2f650eb to c514a36 on May 16, 2025 02:14
emosbaugh force-pushed the emosbaugh/sc-123408/mount-ca-into-velero-containers branch from 110a865 to 0bb2644 on May 16, 2025 16:25
"k8s.io/utils/ptr"
)

// TODO: this should test creating a backup storage location and possibly a backup
Member Author

I'm not sure this test adds much more value than the test here
pkg/addons/velero/integration/hostcabundle_test.go

Member

Agreed. To me it looks like they are testing the same things.

@@ -27,13 +27,13 @@ func (o *OpenEBS) Upgrade(ctx context.Context, kcli client.Client, hcli helm.Cli
return errors.Wrap(err, "generate helm values")
}

_, err = hcli.Upgrade(ctx, helm.UpgradeOptions{
_, err = hcli.Upgrade(ctx, helm.InstallOptions{
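
Review bot: In the `hcli.Upgrade` call inside `(*OpenEBS).Upgrade`, the options argument appears to switch from `helm.UpgradeOptions` to `helm.InstallOptions`. Passing install options to an upgrade call reads as an accidental edit, and it would only compile if the signature of `Upgrade` changed elsewhere in this PR. Keep `helm.UpgradeOptions` here, or, if the two option types are being unified on purpose, make that change in its own commit with a message that says so.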
Member

is this intentional?

Member Author

updated

)

t.Logf("%s: waiting for nodes to reboot", time.Now().Format(time.RFC3339))
time.Sleep(30 * time.Second)
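
Review bot: The `time.Sleep(30 * time.Second)` after the "waiting for nodes to reboot" log line does not wait on any condition, so the step can pass before a slow node is back and always costs 30 seconds when the node returns quickly. Replace it with a poll on node reachability or readiness under an explicit deadline, and on timeout fail the test with a message that states how long it waited.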
Member

Is there a way that we can make this more robust by looping and test connecting to the node/checking the node status (and eventually timing out after a while)?
