Expand Up @@ -25,8 +25,6 @@ include::modules/oadp-auth-azure-methods.adoc[leveloffset=+1]
include::modules/oadp-auth-azure-secret-based.adoc[leveloffset=+1]
include::modules/oadp-auth-azure-sts.adoc[leveloffset=+1]

You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.

include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+1]

include::snippets/oadp-nodeselector-snippet.adoc[]
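Review bot: the header `-25,8 +25,6` says two lines are dropped from this region. If they are the lead-in sentence "You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates." and its blank line, then `include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+1]` now follows the Azure STS module with no transition. Check that the resource-limits module reads correctly on its own, and that the self-signed CA certificates topic the sentence mentioned is still reachable from this assembly.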
20 changes: 12 additions & 8 deletions modules/oadp-auth-azure-sts.adoc
Expand Up @@ -11,6 +11,7 @@ You can use Microsoft Entra Workload ID to access Azure storage for {oadp-short}

To use the Azure Security Token Service (STS) configuration, you need the `credentialsMode` field set to `Manual` during cluster installation. This approach uses the Cloud Credential Operator (`ccoctl`) to set up the workload identity infrastructure, including the OpenID Connect (OIDC) provider, issuer configuration, and user-assigned managed identities.

*Note*: {oadp-short} with Azure STS configuration does not support `restic` File System Backups (FSB) and restores.

.Prerequisites

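Review bot: the `*Note*:` line is inline bold text, not an AsciiDoc admonition, so it renders as an ordinary paragraph even though it states a hard limitation (no `restic` File System Backups and restores with Azure STS). Suggest an admonition block, that is `[NOTE]` with `====` delimiters around the sentence, so it stands out before the reader reaches `.Prerequisites`.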
Expand Down Expand Up @@ -173,9 +174,9 @@ spec:
backupLocations:
- bucket:
cloudStorageRef:
name: <cloud_storage_cr> # <1>
name: <cloud_storage_cr>
config:
storageAccount: <storage_account_name> # <2>
storageAccount: <storage_account_name>
useAAD: "true"
credential:
key: azurekey
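Review bot: with the `# <1>` and `# <2>` callouts removed, `useAAD: "true"` sits between two placeholders with nothing marking it as a fixed value, and the `where:` list added later in this file does not cover it. If it has to stay `"true"` for the STS setup, say so in the list or in a sentence before the block, so a reader adapting the YAML does not drop or change it.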
Expand All @@ -195,18 +196,21 @@ spec:
- name: default
velero:
config:
resourceGroup: <resource_group> # <3>
subscriptionId: <subscription_ID> # <4>
resourceGroup: <resource_group>
subscriptionId: <subscription_ID>
credential:
key: azurekey
name: cloud-credentials-azure
provider: azure
EOF
----
<1> Specify the `CloudStorage` CR name.
<2> Specify the Azure storage account name.
<3> Specify the resource group.
<4> Specify the subscription ID.
+
where:

<cloud_storage_cr>:: Specify the `CloudStorage` CR name.
<storage_account_name>:: Specify the Azure storage account name.
<resource_group>:: Specify the resource group.
<subscription_ID>:: Specify the subscription ID.

.Verification

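Review bot: in the new `where:` list the terms are bare, for example `<cloud_storage_cr>::` and `<subscription_ID>::`, while `CloudStorage` in the first description is in backticks. Wrap each term in backticks so the placeholders render in monospace and match how they appear in the YAML block. The lone `+` before `where:` is followed by a blank line ahead of the list, so also confirm in a preview build that the list stays attached to the step rather than breaking out of it.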