A backup target is the endpoint used to access a backupstore in Longhorn. A backupstore is an NFS server or S3-compatible server that stores the backups of Longhorn volumes. The backup target can be set at Settings/General/BackupTarget.
For more information about how the backupstore works in Longhorn, see the concepts section.
Create a Kubernetes secret with a name such as aws-secret in the namespace where Longhorn is placed (longhorn-system by default). For help creating a secret, refer to the Kubernetes documentation. The secret must be created in the longhorn-system namespace for Longhorn to access it. Put the following key-value pairs in the secret:
Make sure NO_PROXY contains the network addresses, network address ranges and domains that should be excluded from using the proxy. In order for Longhorn to operate, the minimum required values for NO_PROXY are:
10.0.0.0/8 (K8s components’ IPs)
192.168.0.0/16 (internal IPs in the cluster)
Set up a Local Testing Backupstore
We provide two backupstores for testing purposes, based on an NFS server and a Minio S3 server, in ./deploy/backupstores.
Use the following command to set up a Minio S3 server for the backupstore after longhorn-system has been created.
For more information on creating a secret, see the Kubernetes documentation. The secret must be created in the longhorn-system namespace for Longhorn to access it.
Note: Make sure to use echo -n when generating the base64 encoding; otherwise a newline will be added at the end of the string, which will cause an error when accessing S3.
Click the Backup tab in the UI. It should report an empty list without any errors.
Result: Longhorn can store backups in S3. To create a backup, see this section.
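The echo -n note above, as an added example that is not part of the Longhorn documentation: a pre-flight check that encodes secret values without a trailing newline and flags base64 values that decode to one. The function names and the sample value are constructed for illustration, and the key names AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are assumed here because the key list is not shown on this page.

```shell
#!/bin/sh
# Added example: encode and pre-check values for the backup target Secret.
# All values below are constructed placeholders, not real credentials.
# Key names used at the bottom are assumptions (the page's key list is missing).

NL='
'

# Encode a value for the Secret's data field without appending a newline.
# printf '%s' behaves like `echo -n` but is portable across shells.
encode_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Return 0 if the base64 string decodes to something ending in a newline,
# which is the symptom of using plain `echo` instead of `echo -n`.
has_trailing_newline() {
    # Append a sentinel so command substitution does not strip the newline.
    decoded=$(printf '%s' "$1" | base64 -d; printf 'x')
    decoded=${decoded%x}
    case $decoded in
        *"$NL") return 0 ;;
        *)      return 1 ;;
    esac
}

# Check "KEY=base64value" pairs; print offending keys and return their count.
check_secret_data() {
    bad=0
    for pair in "$@"; do
        key=${pair%%=*}   # text before the first '='
        val=${pair#*=}    # text after the first '=' (base64 padding is kept)
        if has_trailing_newline "$val"; then
            echo "$key: decoded value ends with a newline; re-encode with echo -n"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

GOOD=$(encode_value 'constructed-access-key')
BAD=$(echo 'constructed-access-key' | base64)   # plain echo: newline included

check_secret_data "AWS_ACCESS_KEY_ID=$GOOD" "AWS_SECRET_ACCESS_KEY=$BAD" || true
```

Run it against the values you are about to paste into the secret manifest; a non-zero return from check_secret_data is the number of keys that need re-encoding.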
Using a self-signed SSL certificate for S3 communication
If you want to use a self-signed SSL certificate, you can specify AWS_CERT in the Kubernetes secret you provided to Longhorn. See the example in Set up a Local Testing Backupstore.
It’s important to note that the certificate needs to be in PEM format and must be its own CA. Otherwise, one must include a certificate chain that contains the CA certificate.
To include multiple certificates, one can just concatenate the different certificates (PEM files).
Enable virtual-hosted-style access for S3-compatible Backupstore
You may need to enable this new addressing approach for your S3 compatible Backupstore when