Unexpected requests to s3 endpoints from different regions

[rnarenpujari]

What steps did you take and what happened:

From the cluster proxy logs we see requests to s3 endpoints that have not been configured in any BSL

From our proxy logs: "[18/Oct/2023:12:15:00 +0200]" 21 172.21.40.8 - - 192.168.67.53 192.168.67.53 "Unavailable" - content_filter_denied DENIED "Technology/Internet" - 200 TCP_ACCELERATED CONNECT - tcp [s3.cn-northwest-1.amazonaws.com.cn](http://s3.cn-northwest-1.amazonaws.com.cn/) 443 / - - "Go-http-client/1.1" 192.168.67.53 52.82.190.56 39 137 - "none" "none" unavailable 43e16b749c07819d-000000008dfecf94-00000000652fb024 - - - - 0#015 "[18/Oct/2023:12:14:58 +0200]" 3 172.21.40.8 - - 192.168.67.53 192.168.67.53 "Unavailable" - content_filter_denied DENIED "Government/Legal" - 200 TCP_ACCELERATED CONNECT - tcp [s3.us-iso-east-1.c2s.ic.gov](http://s3.us-iso-east-1.c2s.ic.gov/) 443 / - - "Go-http-client/1.1" 192.168.67.53 - 39 123 - "none" "none" unavailable 43e16b749c07819d-000000008dfecdcd-00000000652fb022 - - - - 0#015

Have not actually confirmed that the requests are coming from velero but it seems likely since this started happening when we transitioned from using velero 1.10.3 with restic for volume backups to 1.12 with kopia.

Spec of BSL that is present:

  spec:
    config:
      bucket: xxx
      insecureSkipTLSVerify: "true"
      profile: default
      region: eu-central-1
      s3ForcePathStyle: "false"
    credential:
      key: bsl
      name: velero-tanzu-s3-backup
    objectStorage:
      bucket: xxx
      prefix: abcd/
    provider: aws

What did you expect to happen:

Requests to only be sent for the expected s3 region endpoint (eu-central-1).

The following information will help us better understand what's going on:

NA

Anything else you would like to add:

NA

Environment:

• Velero version (use velero version): 1.12
• Velero features (use velero client config get features):
• Kubernetes version (use kubectl version):
• Kubernetes installer & version:
• Cloud provider or hardware configuration:
• OS (e.g. from /etc/os-release):

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

• 👍 for "I would like to see this bug fixed as soon as possible"
• 👎 for "There are more important bugs to focus on right now"

[Lyndon-Li]

Reopen for 1.11 and 1.10