Closed rk9qn3j closed 1 year ago
Hi @rk9qn3j,
2.50.0 is not the latest Azure CLI(2.51.0).
Please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.
Thank you for opening this issue, we will look into it.
@rk9qn3j Thanks for reaching out to us and reporting this issue. We are looking into this issue and we will provide an update.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/aks-pm.
Checking it
--source-resource-id /subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.RecoveryServices/vaults/xxx --roles Microsoft.DataProtection/backupVaults/backup-operator
These two must be equal.
If you want to use "Microsoft.DataProtection/backupVaults/backup-operator" role to access an aks, this role can only bind to your resource which is Microsoft.DataProtection type that is --source-resource-id /subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.DataProtection
.
If you want resource /subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.RecoveryServices/vaults/xxx to access aks, you should bind roles with --roles Microsoft.RecoveryServices/xxxxx
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/aks-pm.
@YitongFeng-git Okay, I assumed from the documentation, that I could just use the role stated in the example. Is there an equivalent to backup-operator, but under Microsoft.RecoveryServices?
Hello @rk9qn3j It depends on which roles are provided by Azure backup service. I will loop Azure backup PM here.
Any update on this?
Hi @rk9qn3j,
AKS Backup is only available with Backup Vault (Microsoft.DataProtection). It is not available with Recovery Services Vault (Microsoft.RecoveryServices). Please user Backup Vault to protect your AKS clusters.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/aks-pm.
Got it! Thanks!
Describe the bug
Hi,
I'm trying to setup backup for AKS according to the documentation (https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-manage-backups), but aren't able to complete the last step, Trusted Access related operations (https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-manage-backups#trusted-access-related-operations) as it results in an InvalidParameter error for some reason.
Related command
Errors
Issue script & Debug output
Expected behavior
The command should create Trusted Access between the backup vault and AKS cluster.
Environment Summary
azure-cli 2.50.0 *
core 2.50.0 telemetry 1.0.8
Extensions: aks-preview 0.5.152 k8s-extension 1.4.2
Dependencies: msal 1.22.0 azure-mgmt-resource 23.1.0b2
Python location '/usr/bin/python3' Extensions directory '/home/xxx/.azure/cliextensions'
Python (Linux) 3.11.4 (main, Jun 7 2023, 00:00:00) [GCC 13.1.1 20230511 (Red Hat 13.1.1-2)]
Additional context
No response