Cloudflare R2 backupTarget

[Hazmi35]

I've already set backupTarget to s3://bucket@cf-r2-endpoint and backupTargetCredentialSecret to a secret called longhorn-r2-backups which contains:

apiVersion: v1
kind: Secret
metadata:
  name: longhorn-r2-backups
  namespace: longhorn-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: redacted
  AWS_ENDPOINTS: redacted
  AWS_SECRET_ACCESS_KEY: redacted

But it's giving me failed to get default backup target client on longhornio/longhorn-engine:v1.6.0: could not access s3 without credential secret error.

Or is Cloudflare R2 unsupported? How to configure this properly?

[derekbit]

could not access s3 without credential secret
Secret is not set. Please see the https://longhorn.io/docs/1.6.0/snapshots-and-backups/backup-and-restore/set-backup-target/.

[derekbit]

A bit confused. You can unset secret/backup target and set them again.

[Hazmi35]

Done. I've unset them and even restarted all nodes in the cluster, still the same, the changes isn't applied.

Quick question, if I'm using helm, to apply the change, I just need to edit the defaultSettings.backupTargetCredentialSecret then do helm upgrade right?

I've done that and the settings are applied, but somehow longhorn didn't get the new settings

[Hazmi35]

Anyway. I've reinstall Longhorn anyway.

But now I'm facing a different problem

[Hazmi35]

Nevermind, found the error. invalid URL. Must be either s3://bucket@region/path/, or s3://bucket/path\

[Hazmi35]

What should I input for backupTarget?

[Hazmi35]

Ok. I managed to get it working:

Create longhorn-r2-backups secret with this data:

apiVersion: v1
kind: Secret
metadata:
  name: longhorn-r2-backups
  namespace: longhorn-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: YOUR_CF_R2_ACCESS_KEY 
  AWS_ENDPOINTS: https://<CF_ACCOUNT_ID>.r2.cloudflarestorage.com # or via jurisdiction-specific endpoint https://<CF_ACCOUNT_ID>.r2.cloudflarestorage.com
  AWS_SECRET_ACCESS_KEY: YOUR_CF_R2_SECRET_ACCESS_KEY

Check this documentation for more details

Then:

1. Set backupTargetCredentialSecret option in Longhorn to longhorn-r2-backups
2. Set backupTarget to "s3://<cf-r2-bucket-name>@auto/<path>" (auto is necessary)

[arinanto]

Hi, just adding more info. You can add region hint on backupTarget when using Cloudflare R2. For example, you can write it like s3://<cf-r2-bucket-name>@apac/<path> for better locality in the Asia Pacific region.

You can see more regions here:
https://developers.cloudflare.com/r2/reference/data-location/#available-hints

I've just test it on my server using the apac region and it works fine.