openshift / oadp-operator

OADP Operator
Apache License 2.0

Bug: Unable to create 2nd DataProtectionApplication #901

Closed chobostar closed 1 year ago

chobostar commented 1 year ago

Contact Details

chobostar85@gmail.com

Describe bug

I want to store some backups in separate object storage, so I have created the second DataProtectionApplication:

apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: mycluster-crossplane
  namespace: openshift-adp
spec:
  backupLocations:
  - velero:
      config:
        resourceGroup: myprefix-crossplane-services-rg
        storageAccount: myclustercrossplanebckup
        subscriptionId: e09c81c4-<reducted>-2f8c6474ebe4
      credential:
        key: cloud
        name: cloud-credentials-azure
      default: true
      objectStorage:
        bucket: myclustercrossplanebackup
        prefix: myprefix-crossplane
      provider: azure
  configuration:
    velero:
      defaultPlugins:
      - openshift
      - azure
status:
  conditions:
  - lastTransitionTime: "2023-02-14T06:20:52Z"
    message: Object openshift-adp/restic-restore-action-config is already owned by
      another DataProtectionApplication controller mycluster-oadp
    reason: Error
    status: "False"
    type: Reconciled

And I see the error Object openshift-adp/restic-restore-action-config is already owned by another DataProtectionApplication controller mycluster-oadp, where mycluster-oadp is the name of the first DataProtectionApplication.

I see that restic-restore-action-config is a hardcoded configmap: https://github.com/openshift/oadp-operator/blob/3b9b40f44e74ceac60788c03bf8a0c2fe37cb8b7/controllers/restic.go#L28

Is it intended? If so, how can I store some filtered backups in a separate store? If it's impossible, then how can oadp-operator be used in a multi-tenant cluster with backup isolation per tenant?

What happened?

Unable to create 2nd DataProtectionApplication:

Object openshift-adp/restic-restore-action-config is already owned by another DataProtectionApplication controller mycluster-oadp

where mycluster-oadp is the name of the first DataProtectionApplication

OADP Version

1.1.1 provided by Red Hat

OpenShift Version

4.11.25

Velero pod logs

No response

Restic pod logs

No response

Operator pod logs

1.6763557343685212e+09 ERROR controller.dataprotectionapplication Reconciler error {"reconciler group": "oadp.openshift.io", "reconciler kind": "DataProtectionApplication", "name": "mycluster-crossplane", "namespace": "openshift-adp", "error": "Object openshift-adp/restic-restore-action-config is already owned by another DataProtectionApplication controller mycluster-oadp"}


sseago commented 1 year ago

Each DPA creates/manages a separate Velero instance. The use case for a second DPA would be if you want a separate installation in a completely different namespace, as you can have only one Velero installation in a given namespace.

However, if all you want to do is provide additional backup locations, you don't need a second DPA. Just add a second backup location to the DPA config (with default set to false), and when creating a backup that you want to use the alternate object store, specify this secondary BSL by name when creating the backup CR.
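
The single-DPA layout described in the reply above, as an added example that is not part of the original thread or the project's own documentation: the first DataProtectionApplication carries both backup locations, and a Backup CR selects the secondary one. Angle-bracket values, the Backup name and the included namespace are placeholders; the name of the generated BackupStorageLocation is an assumption to look up with `oc get backupstoragelocations -n openshift-adp`.

```yaml
# Added example: one DPA, two backup locations (placeholders are marked <...>).
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: mycluster-oadp
  namespace: openshift-adp
spec:
  backupLocations:
  - velero:                       # existing primary location (values not shown in the issue)
      provider: azure
      default: true
      config:
        resourceGroup: <primary-resource-group>
        storageAccount: <primary-storage-account>
        subscriptionId: <subscription-id>
      credential:
        key: cloud
        name: cloud-credentials-azure
      objectStorage:
        bucket: <primary-container>
        prefix: <primary-prefix>
  - velero:                       # secondary location, values taken from the issue
      provider: azure
      default: false              # only one location may be the default
      config:
        resourceGroup: myprefix-crossplane-services-rg
        storageAccount: myclustercrossplanebckup
        subscriptionId: <subscription-id>
      credential:                 # each location can reference its own Secret
        key: cloud
        name: cloud-credentials-azure
      objectStorage:
        bucket: myclustercrossplanebackup
        prefix: myprefix-crossplane
  configuration:
    velero:
      defaultPlugins:
      - openshift
      - azure
---
apiVersion: velero.io/v1
kind: Backup
metadata:
  name: crossplane-backup         # hypothetical name
  namespace: openshift-adp
spec:
  storageLocation: <secondary-bsl-name>   # BSL created for the second location
  includedNamespaces:
  - <tenant-namespace>
```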