Update integrated Restic version and add insecureSkipTLSVerify for Re… #4821

@blackpiglet blackpiglet commented Apr 11, 2022

…stic CLI

Fix: #4820

Signed-off-by: Xun Jiang jxun@vmware.com

Thank you for contributing to Velero!

Please add a summary of your change

Does your change fix a particular issue?

Fixes #4820

Please indicate you've done the following:

  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Created a changelog file or added /kind changelog-not-required as a comment on this pull request.
  • Updated the corresponding documentation in site/content/docs/main.

@blackpiglet blackpiglet self-assigned this Apr 11, 2022
…stic CLI

Fix: vmware-tanzu#4820

Signed-off-by: Xun Jiang <jxun@vmware.com>
@blackpiglet blackpiglet force-pushed the 4820-add-skip-tls-verify-for-restic branch from 9f9c741 to 10651e6 Compare April 11, 2022 13:21
Signed-off-by: Xun Jiang <jxun@vmware.com>
@blackpiglet blackpiglet force-pushed the 4820-add-skip-tls-verify-for-restic branch from 7a6a482 to 9849ab1 Compare April 12, 2022 03:30
codecov-commenter commented Apr 12, 2022

Codecov Report

Merging #4821 (e4881b7) into main (65db258) will increase coverage by 0.03%.
The diff coverage is 37.70%.

@@            Coverage Diff             @@
##             main    #4821      +/-   ##
==========================================
+ Coverage   41.41%   41.45%   +0.03%     
==========================================
  Files         204      204              
  Lines       17948    18002      +54     
==========================================
+ Hits         7434     7463      +29     
- Misses       9970     9993      +23     
- Partials      544      546       +2     
Impacted Files Coverage Δ
pkg/controller/pod_volume_restore_controller.go 23.34% <0.00%> (-0.53%) ⬇️
pkg/restic/exec_commands.go 15.38% <0.00%> (-0.81%) ⬇️
pkg/controller/pod_volume_backup_controller.go 44.68% <47.05%> (-0.07%) ⬇️
pkg/restic/repository_manager.go 8.12% <56.52%> (+8.12%) ⬆️
pkg/restic/command_factory.go 93.50% <100.00%> (+0.08%) ⬆️
pkg/restore/restore.go 66.63% <0.00%> (+0.64%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 65db258...e4881b7.

@blackpiglet blackpiglet force-pushed the 4820-add-skip-tls-verify-for-restic branch 5 times, most recently from 6612366 to 8a9c004 Compare April 13, 2022 07:47
1. Add --insecure-tls in PodVolumeBackup and PodVolumeRestore controller.
2. Change --last flag in Restic command to --latest=1 due to Restic version update.

Signed-off-by: Xun Jiang <jxun@vmware.com>
@blackpiglet blackpiglet force-pushed the 4820-add-skip-tls-verify-for-restic branch from 8a9c004 to e52f042 Compare April 13, 2022 13:00
@blackpiglet blackpiglet marked this pull request as ready for review April 13, 2022 13:11
…eck code.

Signed-off-by: Xun Jiang <jxun@vmware.com>
blackpiglet commented Apr 14, 2022

Test done for this modification:

Setup MinIO with TLS:

1. Install certgen, then add certgen to PATH:
go install github.com/minio/certgen@latest
2. Generate key and cert: 
certgen -ca -host "127.0.0.1,minio.velero.svc,minio.minio.svc"
3. Create TLS needed secret from generated key and cert: 
kubectl create ns minio; kubectl -n minio create secret generic tls-ssl-minio --from-file=./private.key --from-file=./public.crt
4. Install MinIO with TLS enabled by helm chart: 
helm repo add minio https://charts.min.io/; helm install minio -n minio --set tls.enabled=true,tls.certSecret=tls-ssl-minio,replicas=1,persistence.enabled=true,resources.requests.memory=1Gi,mode=standalone,rootUser=minio,rootPassword=minio123 minio/minio
5. Set up the MinIO host and add a bucket:
kubectl apply -f https://github.com/raw/blackpiglet/public_files/main/minio-setup.yaml

Install Velero with MinIO, without providing a CA to Velero and Restic.

velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:main \
  --image=gcr.io/velero-gcp/velero:test \
  --bucket=velero \
  --use-volume-snapshots=false \
  --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=https://minio.minio.svc:9000,insecureSkipTLSVerify=true \
  --use-restic \
  --secret-file=../../credentials-velero-minio \
  --default-volumes-to-restic

Tests:

  • Create a deployment on K8S cluster with PV
  • Create backup with no error: velero backup create 4821-2 --selector app=redis
  • Check the ResticRepository is created and Status.Phase is ready.
  • Modify ResticRepository's Spec.MaintenanceFrequency to 1m0s, and check that the periodic Restic prune command runs without error.
  • Create restore with no error: velero restore create --from-backup=4821-2
  • Delete backup with no error: velero backup delete 4821-2
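
Added example, not part of the original comment and not Velero's code: a hypothetical Go helper, resticTLSFlags, showing how the insecureSkipTLSVerify setting from the install command above could map onto Restic's --insecure-tls flag. It assumes a policy where a supplied CA file (Restic's --cacert) takes precedence over skipping verification and an unparsable value is rejected; the sample config and CA path are constructed.

```go
package main

import (
	"fmt"
	"strconv"
)

const (
	skipVerifyKey   = "insecureSkipTLSVerify" // config key used in the install command above
	insecureTLSFlag = "--insecure-tls"        // Restic flag named in this PR
	caCertFlag      = "--cacert"              // Restic flag for a custom CA bundle
)

// resticTLSFlags is a hypothetical helper, not Velero's implementation.
// It turns a backup-location config into the TLS flags for a Restic command.
// Assumed policy: a supplied CA file wins over skipping verification, and an
// unparsable value is an error rather than a silent fallback.
func resticTLSFlags(config map[string]string, caCertFile string) ([]string, error) {
	skip := false
	if raw, ok := config[skipVerifyKey]; ok {
		v, err := strconv.ParseBool(raw)
		if err != nil {
			return nil, fmt.Errorf("invalid %s value %q: %w", skipVerifyKey, raw, err)
		}
		skip = v
	}
	switch {
	case caCertFile != "":
		return []string{caCertFlag + "=" + caCertFile}, nil
	case skip:
		return []string{insecureTLSFlag + "=true"}, nil
	default:
		return nil, nil // no extra flags: Restic verifies against the system roots
	}
}

func main() {
	// Constructed sample inputs; the CA path is a placeholder.
	minio := map[string]string{"s3Url": "https://minio.minio.svc:9000", skipVerifyKey: "true"}
	for _, ca := range []string{"", "/tmp/public.crt"} {
		flags, err := resticTLSFlags(minio, ca)
		fmt.Println(flags, err)
	}
	_, err := resticTLSFlags(map[string]string{skipVerifyKey: "yes"}, "")
	fmt.Println(err)
}
```

With the test setup above, passing the public.crt generated by certgen as the CA file would keep certificate verification on for the self-signed MinIO endpoint.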

Xun Jiang added 3 commits April 15, 2022 17:46
…n RunRestore

1. remove insecureTLS parameter in function RunRestore
2. add a const for insecureTLS flag
3. add comments on --last replaced with --latest=1

Signed-off-by: Xun Jiang <jxun@vmware.com>
Signed-off-by: Xun Jiang <jxun@vmware.com>
@blackpiglet blackpiglet force-pushed the 4820-add-skip-tls-verify-for-restic branch from a37c7a1 to 3ed0874 Compare April 15, 2022 16:37
@blackpiglet
Contributor Author

Met the error described here after merging PR #4436 to resolve a conflict:
#4436 (comment)

After investigation, I found this error is triggered by misconfiguration. In my environment, the Velero image is updated after merging code, but the PVB's CRD is not updated. I think the 404 error is raised because the Velero image's PVB CRD mismatches the PVB CRD in the cluster API.
The error is gone when the cluster applied the updated PVB.

This reverts commit 3ed0874.

Met PVB not found issue after merging main to resolve conflict. After investigation, that error is triggered by misconfiguration, so revert the code.

Signed-off-by: Xun Jiang <jxun@vmware.com>
@blackpiglet blackpiglet force-pushed the 4820-add-skip-tls-verify-for-restic branch from 13d3dcb to e4881b7 Compare April 18, 2022 08:20
@blackpiglet
Contributor Author

Messed up this branch after git rebase -i. Closing this one. Will open another.

@blackpiglet blackpiglet deleted the 4820-add-skip-tls-verify-for-restic branch October 15, 2022 04:04