Velero Operator documentation

deezzir · 29 April 2025 22:51

Charmed Velero

Charmed Velero is a Juju charm that deploys and manages Velero, an open-source tool for safely backing up and restoring Kubernetes cluster resources and persistent volumes. It provides disaster recovery, cluster migration, and backup and restore for workloads across namespaces, including non-Juju-managed ones.

This charm supports AWS and Azure Kubernetes clusters via S3 and Azure object storage backends. Additionally, the charm exposes Prometheus metrics for observability.

In this documentation


Tutorial Get started - a hands-on introduction for new users deploying the charmed operator.	How-to guides Step-by-step guides covering key operations and common tasks.
Explanation Concepts - discussion and clarification of key topics.	Reference Technical information - specifications, APIs, architecture.

Project and Community

Charmed Velero is a distribution of Velero. It’s an open-source project that welcomes community contributions, suggestions, fixes and constructive feedback.

Read our Code of Conduct.
Contribute and report issues.
Explore Juju SDK docs for guidelines on enhancements to this charm.

License

Charmed Velero is free software distributed under the Apache Software License, version 2.0. For more information, see LICENSE.

Navigation

Mapping table

Level	Path	Navlink
1	tutorial	Tutorial
1	how-to	How to
2	integrate-with-cos	Integrate with COS
2	integrate-with-azure	Integrate with an Azure Kubernetes cluster
2	integrate-with-aws	Integrate with an AWS Kubernetes cluster
2	integrate-with-gcp	Integrate with a Google Kubernetes cluster
2	restore-charm-pv	Restore charm PV
2	backup-config-integration	Backup config integration
1	explanation	Explanation
2	system-architecture	System architecture
2	charm-lifecycle	Charm lifecycle
2	file-system-backup	File system backup
1	reference	Reference
2	backup-config-interface	Backup config interface
2	actions	Actions
2	configurations	Configurations
2	integrations	Integrations
2	alert-rules	Alert Rules
2	dashboard	Grafana Dashboard

wodel · 17 May 2026 11:35

Hi,

I’ve configured an s3 storage with a self-signed CA and server certificate.

I’ve used s3-integrator from channel 2, I did use “tls-ca-chain“ with my CA file. The s3-integrator is in active state. But velero won’t connect, I am getting this error

httpcore.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

This my deployment

user05@mk8s01:~$ juju run s3-integrator/0 status-detail
Running operation 15 with 1 task
  - task 16 on unit-s3-integrator-0

Waiting for task 16...
18:50:30 Stored statuses:
18:50:31                      App Statuses                      
┏━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━┳━━━━━━━━┓
┃ Status ┃ Component Name ┃ Message ┃ Action ┃ Reason ┃
┡━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━╇━━━━━━━━┩
│ Active │ general        │         │ N/A    │ N/A    │
│ Active │ s3-provider    │         │ N/A    │ N/A    │
└────────┴────────────────┴─────────┴────────┴────────┘
18:50:31                      Unit Statuses                     
┏━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━┳━━━━━━━━┓
┃ Status ┃ Component Name ┃ Message ┃ Action ┃ Reason ┃
┡━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━╇━━━━━━━━┩
│ Active │ general        │         │ N/A    │ N/A    │
│ Active │ s3-provider    │         │ N/A    │ N/A    │
└────────┴────────────────┴─────────┴────────┴────────┘

json-output:
  app: '[{"Status": "Active", "Component Name": "general", "Message": "", "Action":
    "N/A", "Reason": "N/A"}, {"Status": "Active", "Component Name": "s3-provider",
    "Message": "", "Action": "N/A", "Reason": "N/A"}]'
  unit: '[{"Status": "Active", "Component Name": "general", "Message": "", "Action":
    "N/A", "Reason": "N/A"}, {"Status": "Active", "Component Name": "s3-provider",
    "Message": "", "Action": "N/A", "Reason": "N/A"}]'

user05@mk8s01:~$ juju status
Model          Controller  Cloud/Region      Version  SLA          Timestamp
velero-backup  uk8sx       my-k8s/localhost  3.6.21   unsupported  18:50:35Z

App              Version  Status   Scale  Charm            Channel      Rev  Address         Exposed  Message
s3-integrator             active       1  s3-integrator    2/edge       550  10.152.183.105  no       
velero-operator           blocked      1  velero-operator  1.15/stable  421  10.152.183.235  no       Velero Storage location is not ready: BackupStorageLocation is unavailable

Unit                Workload  Agent  Address       Ports  Message
s3-integrator/0*    active    idle   10.1.111.113         
velero-operator/0*  blocked   idle   10.1.111.118         Velero Storage location is not ready: BackupStorageLocation is unavailable

Is there a way to make it work with a local CA certificate?

Regards.

deezzir · 17 May 2026 12:38

Can you please open a feature request on github? I don’t think this is supported at the moment, thanks