Running backups on TLS-enabled cluster

I’m experimenting with the Kubernetes operator 0.7.0, and the foundationdbbackups CRD.

However, in the pods that are created, I cannot connect to the database, status is unavailable.
After some debugging, it seems like the FDB_TLS_CA_FILE environment variable is overridden to point to /var/dynamic-conf/ca.pem, even though I explicitly set it in the FoundationDBBackup manifest.

Is this due to https://github.com/FoundationDB/fdb-kubernetes-operator/blob/master/controllers/pod_models.go#L642 using append and not extendEnv? (Not proficient in Go, but it looks suspicious.)

Extract from kubectl describe pod timeseries-test-cluster-backup-agents-69c4857dc9-vd225:

    Containers:
      foundationdb:
        Container ID:  docker://d4affc81645687e6500795f1344097d28fe89113e6a63a256412c218ef644071
        Image:         foundationdb/foundationdb:6.2.15
        Image ID:      docker-pullable://foundationdb/foundationdb@sha256:013fc8eea0f4525a9d0e11b22b1a808f9dc917fcecf96a07322064ae2c845c75
        Port:
        Host Port:
        Command:
          backup_agent
        Args:
          --log
          --logdir
          /var/log/fdb-trace-logs
        State:          Running
          Started:      Mon, 30 Mar 2020 15:14:05 +0200
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     250m
          memory:  128Mi
        Requests:
          cpu:     250m
          memory:  128Mi
        Environment:
          FDB_TLS_CERTIFICATE_FILE:  /tmp/fdb-certs/tls.crt
          FDB_TLS_KEY_FILE:          /tmp/fdb-certs/tls.key
          FDB_TLS_CA_FILE:           /tmp/fdb-certs/ca.crt
          FDB_BLOB_CREDENTIALS:      <set to the key 'secret' in secret 'minio-fdb-gateway-secret'>  Optional: false
          FDB_CLUSTER_FILE:          /var/dynamic-conf/fdb.cluster
          FDB_TLS_CA_FILE:           /var/dynamic-conf/ca.pem
        Mounts:
          /tmp/fdb-certs from fdb-certs (rw)
          /var/dynamic-conf from dynamic-conf (rw)
          /var/log/fdb-trace-logs from logs (rw)
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-dzlgx (ro)

A second issue is with https://github.com/FoundationDB/fdb-kubernetes-operator/blob/master/config/samples/cluster_with_backup.yaml

Start a Backup:
    kubectl exec deployment/sample-cluster-backup-agents -- fdbbackup start -d "blobstore://minio@minio-service:9000/sample-cluster-test-backup?sc=0&bucket=fdb-backups" -z

I only manage to execute to a pod, not a deployment. Is it a typo?

Update:

First issue is solved in current master branch, to be in the next release.

Second issue is a problem with gcloud kubectl it seems, that doesn’t allow “/” with exec.
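
The duplicated FDB_TLS_CA_FILE entry in the pod description above can be reproduced with a small model of the two merge strategies the question contrasts. This is an added example, not the operator's code: `EnvVar` is a local stand-in for the Kubernetes type, `extendEnvIfAbsent` is a hypothetical helper, and the "last entry wins" rule in `audit` is an assumption chosen to match the override reported in the post.

```go
package main

import "fmt"

// EnvVar is a local stand-in for corev1.EnvVar so the example has no dependencies.
type EnvVar struct{ Name, Value string }

// appendEnv models a plain append: operator defaults are added unconditionally.
func appendEnv(user, defaults []EnvVar) []EnvVar {
	return append(append([]EnvVar{}, user...), defaults...)
}

// extendEnvIfAbsent (hypothetical helper) adds a default only when the
// user-supplied list does not already define that name.
func extendEnvIfAbsent(user, defaults []EnvVar) []EnvVar {
	out := append([]EnvVar{}, user...)
	seen := map[string]bool{}
	for _, e := range user {
		seen[e.Name] = true
	}
	for _, d := range defaults {
		if !seen[d.Name] {
			out = append(out, d)
			seen[d.Name] = true
		}
	}
	return out
}

// audit returns the value each name resolves to (assumption: last entry wins,
// as observed in the post) and the names that are defined more than once.
func audit(env []EnvVar) (effective map[string]string, dups []string) {
	effective = map[string]string{}
	for _, e := range env {
		if _, ok := effective[e.Name]; ok {
			dups = append(dups, e.Name)
		}
		effective[e.Name] = e.Value
	}
	return effective, dups
}

func main() {
	// Values taken from the pod description in the post.
	user := []EnvVar{{"FDB_TLS_CA_FILE", "/tmp/fdb-certs/ca.crt"}}
	defaults := []EnvVar{{"FDB_CLUSTER_FILE", "/var/dynamic-conf/fdb.cluster"}, {"FDB_TLS_CA_FILE", "/var/dynamic-conf/ca.pem"}}
	for name, env := range map[string][]EnvVar{"append": appendEnv(user, defaults), "extend": extendEnvIfAbsent(user, defaults)} {
		eff, dups := audit(env)
		fmt.Println(name, "CA file:", eff["FDB_TLS_CA_FILE"], "duplicates:", dups)
	}
}
```

Running the same duplicate check over a rendered pod spec catches a silently replaced CA bundle before the TLS handshake fails.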