Modify Velero Restic integrated document to add Restic supporting insecureSkipTLSVerify feature #4848

Closed
blackpiglet opened this issue Apr 20, 2022 · 3 comments · Fixed by #4925
@blackpiglet
Contributor

blackpiglet commented Apr 20, 2022

What steps did you take and what happened:
In issue #4820, the feature for Restic to support insecureSkipTLSVerify was added.
The related Velero documentation may need to be updated to explain how to use it.

What did you expect to happen:
Update the https://velero.io/docs/main/restic/#docs document to state when and why this feature was added, and how to use it.

The following information will help us better understand what's going on:

If you are using velero v1.7.0+:
Please use velero debug --backup <backupname> --restore <restorename> to generate the support bundle, and attach to this issue, more options please refer to velero debug --help

If you are using earlier versions:
Please provide the output of the following commands (Pasting long output into a GitHub gist or other pastebin is fine.)

  • kubectl logs deployment/velero -n velero
  • velero backup describe <backupname> or kubectl get backup/<backupname> -n velero -o yaml
  • velero backup logs <backupname>
  • velero restore describe <restorename> or kubectl get restore/<restorename> -n velero -o yaml
  • velero restore logs <restorename>

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

  • Velero version (use velero version): v1.9
  • Velero features (use velero client config get features): None
  • Kubernetes version (use kubectl version): v1.22
  • Kubernetes installer & version: GCE
  • Cloud provider or hardware configuration: GCE
  • OS (e.g. from /etc/os-release): Ubuntu

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

  • 👍 for "I would like to see this bug fixed as soon as possible"
  • 👎 for "There are more important bugs to focus on right now"
@blackpiglet
Contributor Author

blackpiglet commented May 12, 2022

@a-mccarthy
A user requested support for skipping TLS verification for insecure HTTPS connections.
The use case is that Velero is set up to connect to an HTTPS-enabled object store, but the user cannot find the correct CACert, so they need to skip TLS verification.

The new feature uses the BackupStorageLocation’s Spec.Config.InsecureSkipTLSVerify as an option. If the BSL’s Spec.Config.InsecureSkipTLSVerify is set to true and the Restic daemonset is installed, then when running a Restic command in Velero, the Restic command will use the option --insecure-tls to skip TLS verification for the object store connection.

So far, only Velero’s AWS plugin supports parsing the BSL’s Spec.Config.InsecureSkipTLSVerify field. It’s good enough for now, because skipping TLS verification only suits on-premise environments, and the AWS plugin is used as the object plugin in this situation. If any plugin needs this feature in the future, the logic for parsing Spec.Config.InsecureSkipTLSVerify needs to be added in code.
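
An audit check for the setting described in the comment above, added here as an example; it is not part of the original thread and is not Velero's own code. It lists BackupStorageLocations where TLS verification is skipped and whether a CA certificate is configured instead. Assumptions: the key appears in the manifest as `insecureSkipTLSVerify` with a string value, the CA bundle lives in `spec.objectStorage.caCert`, truthy strings follow Go's `strconv.ParseBool`, and all names and URLs in the sample are constructed.

```python
import json

# Constructed sample shaped like `kubectl get backupstoragelocations -n velero -o json`.
SAMPLE = """
{"items": [
  {"metadata": {"name": "default"},
   "spec": {"provider": "aws",
            "objectStorage": {"bucket": "backups", "caCert": "PLACEHOLDER_BASE64_CA"},
            "config": {"s3Url": "https://minio.example.internal:9000"}}},
  {"metadata": {"name": "lab-minio"},
   "spec": {"provider": "aws",
            "objectStorage": {"bucket": "lab"},
            "config": {"s3Url": "https://minio.lab.example.internal:9000",
                       "insecureSkipTLSVerify": "true"}}},
  {"metadata": {"name": "gcs"},
   "spec": {"provider": "gcp",
            "objectStorage": {"bucket": "prod"},
            "config": {"insecureSkipTLSVerify": "true"}}}
]}
"""

# Assumption: the value is parsed like Go's strconv.ParseBool truthy strings.
TRUTHY = {"1", "t", "T", "TRUE", "true", "True"}

def audit_bsl(doc):
    """Return one finding per BSL whose config asks to skip TLS verification."""
    findings = []
    for item in json.loads(doc).get("items", []):
        spec = item.get("spec", {})
        config = spec.get("config") or {}
        if str(config.get("insecureSkipTLSVerify", "")) not in TRUTHY:
            continue
        provider = spec.get("provider", "")
        findings.append({
            "name": item["metadata"]["name"],
            "provider": provider,
            # Per the comment above, only the AWS plugin parses this field.
            "aws_plugin": provider in ("aws", "velero.io/aws"),
            # A configured CA cert would allow verification instead of skipping it.
            "ca_cert_set": bool((spec.get("objectStorage") or {}).get("caCert")),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_bsl(SAMPLE):
        print(finding)
```

To run it against a live cluster, pass the output of `kubectl get backupstoragelocations -n velero -o json` to `audit_bsl` in place of `SAMPLE`.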

@blackpiglet
Contributor Author

@a-mccarthy
I noticed "engineering help needed" is added. Could you be more specific on what kind of help is wanted?

@a-mccarthy
Contributor

@blackpiglet I just opened a PR for this, #4925

I added this issue to the documentation board so I wouldn't lose track of it, and I didn't realize that I put it in the engineering help needed column. Sorry about the confusion!
