mirrors/velero
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/velero.git synced 2026-01-08 22:23:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update docs for flag to skip TLS validation

Browse Source 
Signed-off-by: Abigail McCarthy <mabigail@vmware.com>
This commit is contained in:
Abigail McCarthy
2022-05-18 23:20:00 -04:00
parent 51de990a8a
commit 95ccbb617a
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
site/content/docs/main/self-signed-certificates.md
View File

@@ -46,3 +46,12 @@ Error 116 represents certificate required as seen here in [error codes](https://
Velero as a client does not include its certificate while performing SSL handshake with the server.
From [TLS 1.3 spec](https://tools.ietf.org/html/rfc8446), verifying client certificate is optional on the server.
You will need to change this setting on the server to make it work.
## Skipping TLS verification
**Note:** The `--insecure-skip-tls-verify` flag is insecure and susceptible to man-in-the-middle attacks and meant to help your testing and developing scenarios in an on-premise environment. Using this flag in production is not recommended.
Velero provides a way for you to skip TLS verification on the object store by passing the `--insecure-skip-tls-verify` flag with Velero commands. If true, the object store's TLS certificate will not be checked for validity before Velero connects to the object store or Restic repo. You can permanently skip TLS verification for an object store by setting `Spec.Config.InsecureSkipTLSVerify` to true in the [BackupStorageLocation](api-types/backupstoragelocation.md) CRD.
This flag is currently only implemented for use with AWS provider plugin and Restic.