Skip to main content

API

Below are the configurable environment parameters for the API.

  • FIELD is the name of the environment variable to be configured within the velero-api-config ConfigMap.
  • Helm KEY is the related key defined in the Helm chart.

Configuration

FIELDHELM KEYTYPEDEFAULTDESCRIPTION
API_ENABLE_DOCUMENTATIONapiConfig.apiEnableDocumentationBoolTrueEnabled/Disabled the fastapi documentation user interfaces
API_ENDPOINT_PORTapiConfig.apiEndpointPortInt8001Socket bind port
API_ENDPOINT_URLapiConfig.apiEndpointUrlString0.0.0.0Socket bind host
API_RATE_LIMITER_CUSTOM_L1 (4)apiConfig.apiRateLimiterCustom1StringSecurity:xxx:60:20Rate limiter for specific tag/endpoint: Security (tag) xxx (all endpoints under the tag) 60 seconds max requests 20
API_RATE_LIMITER_CUSTOM_L2 (4)StringInfo:info:60:500Rate limiter for specific tag/endpoint: Info (tag) xxx (all endpoints under the tag) 60 seconds max requests 500
API_RATE_LIMITER_L1apiConfig.apiRateLimiterL1String60:120Rate limiter: 60 seconds max requests 10
API_TOKEN_EXPIRATION_MINapiConfig.apiTokenExpirationMinInt30Token validity after the creation (minutes)
API_TOKEN_REFRESH_EXPIRATION_DAYSapiConfig.apiTokenRefreshExpirationDaysInt7Token validity after the creation (days)
AWS_ACCESS_KEY_IDapiConfig.awsAccessKeyIdStringAWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEYapiConfig.awsSecretAccessKeyStringAWS_SECRET_ACCESS_KEY
CONTAINER_MODEBoolFalseEnabled in is deployed in a container outside k8s cluster
DEBUG_LEVELapiConfig.debugLevelStringinfoPrint level (Critical, error, warning, info, debug)
DEFAULT_ADMIN_USERNAMEapiConfig.defaultAdminPasswordStringadminDefault username for admin user (will be created if does not already exist)
DEFAULT_ADMIN_PASSWORDapiConfig.defaultAdminUsernameStringadminDefault password for admin user (will be created if does not already exist)
DOWNLOAD_TMP_FOLDERapiConfig.downloadTmpFolderString/tmp/velero-apiDestination folder when executing velero backup download
K8S_IN_CLUSTER_MODEapiConfig.k8SInClusterModeBoolFalseEnabled if is deployed in a cluster
K8S_VELERO_NAMESPACEglobal.veleroNamespaceStringveleroK8s Velero namespace
K8S_VELERO_UI_NAMESPACEStringvelero-uiK8s Velero namespace
NATS_ENABLEfalse
NATS_ENDPOINT_URL127.0.0.1
NATS_PORT_CLIENT4222
NATS_USERNAMEuser
NATS_PASSWORDpassword
NATS_ALIVE_SEC60
NATS_REQUEST_TIMEOUT_SEC2
NATS_RETRY_REG_SEC30
NATS_RETRY_CONN_SEC20
NATS_PORT_MONITORING30
NATS_CRON_UPDATE_K8S_HEALTH300
NATS_CRON_UPDATE_STATS_GET300
NATS_CRON_UPDATE_BACKUP300
NATS_CRON_UPDATE_RESTORE300
NATS_CRON_UPDATE_BACKUP_LOCATION300
NATS_CRON_UPDATE_STORAGE_LOCATION300
NATS_CRON_UPDATE_REPOSITORIES300
NATS_CRON_UPDATE_SC_MAPPING300
ORIGINS_1 (1)apiConfig.origins1Stringhttp://localhost:3000Allowed origin
ORIGINS_2 (1)Stringhttp://127.0.0.1:3000Allowed origin
ORIGINS_3 (1)String*Allowed origin
SECURITY_DISABLE_USERS_PWD_RATEapiConfig.securityDisableUsersPwdRateBoolFalseIf True user can have a weak password, otherwise is required a strong password
SECURITY_PATH_DATABASEapiConfig.securityPathDatabaseString./testPath where create the SQL-Lite database used for storing the users credentials
SECURITY_REFRESH_TOKEN_KEY (3)StringOptional: Secret key used for JWT creation (refresh token mechanism)
SECURITY_TOKEN_KEY (3)StringOptional: Secret key used for JWT creation
VELERO_CLI_DEST_PATHapiConfig.veleroCliDestPathString/usr/local/binPath where to extract the velero executable file
VELERO_CLI_PATHapiConfig.veleroCliPathString/app/velero-clientPath where the compressed velero client archives are located
VELERO_CLI_PATH_CUSTOMapiConfig.veleroCliPathCustomString/app/velero-client-binaryPath where the user can store manually the binary file
VELERO_CLI_VERSION (2)apiConfig.veleroCliVersionStringlatest available in velero-api-imageName of the velero client release to be used
RESTIC_PASSWORDapiConfig.resticPasswordStringstatic-passw0rd
  1. You can define up to 100 allowed origins that should be permitted to make cross-origin requests. An origin is the combination of protocol (http, https), domain (myapp.com, localhost) and port (80, 443, 8001)

  2. The Velero client is downloaded when the pod is started according to the environment variable VELERO_CLI_VERSION. Set VELERO_CLI_VERSION as the following syntax example: v1.12.2

    info

    In the event of a connection problem, the version 1.12.1 contained within the Velero API image will be utilized.

  3. To generate a fixed secure random secret key use the command:

    openssl rand -hex 32
    info

    If no secret key is provided, the system regenerates new missed keys itself each time it is restarted.

  4. You can define up to 100 custom rate limiters (from the key API_RATE_LIMITER_CUSTOM_L1 to API_RATE_LIMITER_CUSTOM_L99). Rules can be designed for a tag (eg Security, Info, Backup, Schedule, etc) or for a specific endpoint (eg backup/update-expitaration, utils/version, etc).

    warning

    Replace the characters \ - in endpoint urls with the _

    The description field of each endpoint describes the key to configure the customized rate limiter and the actual setup.

    Example : if we want to create a rule for the specific endpoint "/backup/get-storage-classes" (tag: Backup) it will be: Backup:backup_get_storage_classes:60:600 The default rate limiter is defined by the key API_RATE_LIMITER_L1

Swagger UI

tip

To find out all the endpoints exposed by the API project, you can use the Swagger UI documentation

< API IP address >/api/docs

If you disable the api documentation (API_ENABLE_DOCUMENTATION key), you are not able to reach the endpoint /docs.