Support self-signed ca cert for backends (#294)

* Implemented ca-certs
* Use service name to connect to minio server
* Merge minio docs into one.
* Use filepath.Join to generate file name
* Simplify how --cacert passed to restic
* Update backend docs
* implement cacert: tests fixed
* Fixed bug caused panic.
* Fixed Test: fail when initializer enabled.

docs/examples/backends/minio/minio-recovery.yaml

@@ -0,0 +1,22 @@
+apiVersion: stash.appscode.com/v1alpha1
+kind: Recovery
+metadata:
+  name: stash-demo
+  namespace: default
+spec:
+  workload:
+    kind: Deployment
+    name: stash-demo
+  backend:
+    s3:
+      endpoint: '<your Minio server addres>'
+      bucket: stash-qa
+      prefix: demo
+    storageSecretName: minio-restic-secret
+  paths:
+  - /source/data
+  recoveredVolumes:
+  - mountPath: /source/data
+    hostPath:
+      path: /data/stash-test/restic-restored
+

docs/examples/backends/minio/minio-restic.yaml

@@ -0,0 +1,26 @@
+apiVersion: stash.appscode.com/v1alpha1
+kind: Restic
+metadata:
+  name: minio-restic
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: stash-demo
+  fileGroups:
+  - path: /source/data
+    retentionPolicyName: 'keep-last-5'
+  backend:
+    s3:
+      endpoint: '<your Minio server address>'
+      bucket: stash-qa
+      prefix: demo
+    storageSecretName: minio-restic-secret
+  schedule: '@every 1m'
+  volumeMounts:
+  - mountPath: /source/data
+    name: source-data
+  retentionPolicies:
+  - name: 'keep-last-5'
+    keepLast: 5
+    prune: true

docs/guides/README.md

@@ -22,6 +22,7 @@ Guides show you how to perform tasks with Stash.
 - To restore a backup see [here](/docs/guides/restore.md).
 - To run backup in offline mode see [here](/docs/guides/offline_backup.md)
 - See the list of supported backends and how to configure them [here](/docs/guides/backends.md).
+- Learn to use Stash with self-hosted TLS secured Minio Server [here](/docs/guides/minio_server.md).
 - See working examples for supported workload types [here](/docs/guides/workloads.md).
 - Thinking about monitoring your backup operations? Stash works [out-of-the-box with Prometheus](/docs/guides/monitoring.md).
 - Learn about how to configure [RBAC roles](/docs/guides/rbac.md).

docs/guides/backends.md

@@ -47,7 +47,7 @@ metadata:
 type: Opaque
 ```
 
-Now, you can create a Restic tpr using this secret. Following parameters are available for `Local` backend.
+Now, you can create a Restic crd using this secret. Following parameters are available for `Local` backend.
 
 | Parameter            | Description                                                                                   |
 |----------------------|-----------------------------------------------------------------------------------------------|
@@ -98,6 +98,7 @@ Stash supports AWS S3 service or [Minio](https://minio.io/) servers as backend.
 | `RESTIC_PASSWORD`       | `Required`. Password used to encrypt snapshots by `restic`      |
 | `AWS_ACCESS_KEY_ID`     | `Required`. AWS / Minio / DigitalOcean Spaces access key ID     |
 | `AWS_SECRET_ACCESS_KEY` | `Required`. AWS / Minio / DigitalOcean Spaces secret access key |
+| `CA_CERT_DATA`          | `optional`. CA certificate used by storage backend. This can be used to pass a self-signed ca used with Minio server. |
 
 ```console
 $ echo -n 'changeit' > RESTIC_PASSWORD
@@ -129,7 +130,7 @@ metadata:
 type: Opaque
 ```
 
-Now, you can create a Restic tpr using this secret. Following parameters are available for `S3` backend.
+Now, you can create a Restic crd using this secret. Following parameters are available for `S3` backend.
 
 | Parameter     | Description                                                                     |
 |---------------|---------------------------------------------------------------------------------|
@@ -211,7 +212,7 @@ metadata:
 type: Opaque
 ```
 
-Now, you can create a Restic tpr using this secret. Following parameters are available for `gcs` backend.
+Now, you can create a Restic crd using this secret. Following parameters are available for `gcs` backend.
 
 | Parameter      | Description                                                                     |
 |----------------|---------------------------------------------------------------------------------|
@@ -291,7 +292,7 @@ metadata:
 type: Opaque
 ```
 
-Now, you can create a Restic tpr using this secret. Following parameters are available for `Azure` backend.
+Now, you can create a Restic crd using this secret. Following parameters are available for `Azure` backend.
 
 | Parameter     | Description                                                                     |
 |---------------|---------------------------------------------------------------------------------|
@@ -399,7 +400,7 @@ metadata:
 type: Opaque
 ```
 
-Now, you can create a Restic tpr using this secret. Following parameters are available for `Swift` backend.
+Now, you can create a Restic crd using this secret. Following parameters are available for `Swift` backend.
 
 | Parameter         | Description                                                                 |
 |-------------------|-----------------------------------------------------------------------------|
@@ -479,7 +480,7 @@ metadata:
 type: Opaque
 ```
 
-Now, you can create a Restic tpr using this secret. Following parameters are available for `B2` backend.
+Now, you can create a Restic crd using this secret. Following parameters are available for `B2` backend.
 
 | Parameter     | Description                                                               |
 |---------------|---------------------------------------------------------------------------|