The maintenance work for kopia/restic backup repositories is run in jobs
Since velero started using kopia as the approach for filesystem-level backup/restore, we've noticed an issue when velero connects to the kopia backup repositories and performs maintenance, it sometimes consumes excessive memory that can cause the velero pod to get OOM Killed. To mitigate this issue, the maintenance work will be moved out of velero pod to a separate kubernetes job, and the user will be able to specify the resource request in "velero install".
Volume Policies are extended to support more actions to handle volumes
In an earlier release, a flexible volume policy was introduced to skip certain volumes from a backup. In v1.14 we've made enhancement to this policy to allow the user to set how the volumes should be backed up. The user will be able to set "fs-backup" or "snapshot" as value of “action" in the policy and velero will backup the volumes accordingly. This enhancement allows the user to achieve a fine-grained control like "opt-in/out" without having to update the target workload. For more details please refer to https://velero.io/docs/v1.14/resource-filtering/#supported-volumepolicy-actions
Node Selection for Data Movement Backup
In velero the data movement flow relies on datamover pods, and these pods may take substantial resources and keep running for a long time. In v1.14, the user will be able to create a configmap to define the eligible nodes on which the datamover pods are launched. For more details refer to https://velero.io/docs/v1.14/data-movement-backup-node-selection/
VolumeInfo metadata for restored volumes
In v1.13, we introduced volumeinfo metadata for backup to help velero CLI and downstream adopter understand how velero handles each volume during backup. In v1.14, similar metadata will be persisted for each restore. velero CLI is also updated to bring more info in the output of "velero restore describe".
"Finalizing" phase is introduced to restores
The "Finalizing" phase is added to the state transition flow to restore, which helps us fix several issues: The labels added to PVs will be restored after the data in the PV is restored via volumesnapshotter. The post restore hook will be executed after datamovement is finished.
Certificate-based authentication support for Azure
Besides the service principal with secret(password)-based authentication, Velero introduces the new support for service principal with certificate-based authentication in v1.14.0. This approach enables you to adopt a phishing resistant authentication by using conditional access policies, which better protects Azure resources and is the recommended way by Azure.
Runtime and dependencies
Golang runtime: v1.22.2
kopia: v0.17.0
Limitations/Known issues
For the external BackupItemAction plugins that take snapshots for PVs, such as vsphere plugin. If the plugin checks the value of the field "snapshotVolumes" in the backup spec as a criteria for snapshot, the settings in the volume policy will not take effect. For example, if the "snapshotVolumes" is set to False in the backup spec, but a volume meets the condition in the volume policy for "snapshot" action, because the plugin will not check the settings in the volume policy, the plugin will not take snapshot for the volume. For more details please refer to #7818
Breaking changes
CSI plugin has been merged into velero repo in v1.14 release. It will be installed by default as an internal plugin, and should not be installed via "–plugins " parameter in "velero install" command.
The default resource requests and limitations for node agent are removed in v1.14, to make the node agent pods have the QoS class of "BestEffort", more details please refer to #7391
There's a change in namespace filtering behavior during backup: In v1.14, when the includedNamespaces/excludedNamespaces fields are not set and the labelSelector/OrLabelSelectors are set in the backup spec, the backup will only include the namespaces which contain the resources that match the label selectors, while in previous releases all namespaces will be included in the backup with such settings. More details refer to #7105
Patching the PV in the "Finalizing" state may cause the restore to be in "PartiallyFailed" state when the PV is blocked in "Pending" state, while in the previous release the restore may end up being in "Complete" state. For more details refer to #7866
All Changes
Fix backup log to show error string, not index (#7805, @piny940)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the security group with 7 updates:
2.52.12.52.41.8.41.9.01.13.01.14.00.25.60.29.00.25.60.29.00.25.60.29.00.0.0-20220728103510-ee6ede2d64ed0.0.0-20230726121419-3b25d923346bUpdates
github.com/gofiber/fiber/v2from 2.52.1 to 2.52.4Release notes
Sourced from github.com/gofiber/fiber/v2's releases.
Commits
fd811cfprepare release v2.52.4a6f4c13fix(middleware/cors): Vary header handling non-cors OPTIONS requests (#2939)e574c0dfix(middleware/cors): CORS handling (#2937)43d5091Prepare release v2.52.3ba10e68test(middleware/csrf): Fix Benchmark Tests (#2932)1607d87fix(middleware/cors): Categorize requests correctly (#2921)1aac6f6fix(middleware/cors): Handling and wildcard subdomain matching (#2915)d2b19e2refactor(docs): deactivate docs sync for v268d90cdrefactor(docs): deactivate docs sync for v2109e91aprepare release v2.52.2Updates
github.com/stretchr/testifyfrom 1.8.4 to 1.9.0Release notes
Sourced from github.com/stretchr/testify's releases.
... (truncated)
Commits
bb548d0Merge pull request #1552 from stretchr/dependabot/go_modules/github.com/stret...814075fbuild(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2e045612Merge pull request #1339 from bogdandrutu/uintptr5b6926dMerge pull request #1385 from hslatman/not-implements9f97d67Merge pull request #1550 from stretchr/release-notesbcb0d3fInclude the auto-release notes in releasesfb770f8Merge pull request #1247 from ccoVeille/typos85d8bb6fix typos in comments, tests and github templatese2741faMerge pull request #1548 from arjunmahishi/msgAndArgs6e59f20http_assertions: assert that the msgAndArgs actually works in testsUpdates
github.com/vmware-tanzu/velerofrom 1.13.0 to 1.14.0Release notes
Sourced from github.com/vmware-tanzu/velero's releases.
... (truncated)
Commits
2fc6300Merge pull request #7860 from blackpiglet/update_e2e_for_1_14200f16eMerge branch 'release-1.14' into update_e2e_for_1_140d36572Merge pull request #7876 from reasonerjt/update-release-note-1.1408fea6eMerge branch 'release-1.14' into update-release-note-1.14d20bd16Skip parallel files upload and download test for Restic case.bf778c7Merge pull request #7875 from reasonerjt/fix-restore-crash-1.14a650059Update release note of 1.14f61c8b9Add checks for csisnapshot for vol_info population2136679Merge pull request #7852 from reasonerjt/fix-7849-1.14f6367caUse PVC to track the CSI snapshot in restoreUpdates
k8s.io/apifrom 0.25.6 to 0.29.0Commits
12b5cfdUpdate dependencies to v0.29.0 tag0d77c34Merge remote-tracking branch 'origin/master' into release-1.29bb0a75cadd beta comment for pod replacement policy0099855update go.modd4b94f4Merge pull request #121765 from mimowo/ready-pods-stable-api8391a3fMerge pull request #121764 from mimowo/backoff-limit-per-index-beta-api7e58e00Fix API comment for the Job ready field5a2bc70Fix API comment for the FailIndex Job pod failure policy actioncca653eMerge pull request #113374 from ahmedtd/kep-3257-projected-typesd23b507Regenerate for ClusterTrustBundlePEM projected volume APIUpdates
k8s.io/apimachineryfrom 0.25.6 to 0.29.0Commits
3c8c1f2update go.mod12dc3f8Merge pull request #113374 from ahmedtd/kep-3257-projected-types03a1b4bLRUExpireCache: Allow removing multiple keys under lockbc0a03bMerge pull request #119762 from AxeZhan/PollUntilContextCancel16d50e6Merge pull request #121552 from pohly/klog-update6b13b03dependencies: klog v2.110.196ae302Merge pull request #121575 from apelisse/update-smd458fd90Merge pull request #120707 from Jefftree/csa-openapiv3850727fMerge pull request #120592 from AxeZhan/validation_sets8dbf841managedfields: Allow duplicates for built-in updates associative listsUpdates
k8s.io/client-gofrom 0.25.6 to 0.29.0Commits
fb8b734Update dependencies to v0.29.0 tag288368eupdate go.mod86d49e7Merge pull request #113374 from ahmedtd/kep-3257-projected-types59c256aRegenerate for ClusterTrustBundlePEM projected volume APIac369c3Define ClusterTrustBundlePEM projected volume66e57f7Merge pull request #121552 from pohly/klog-update8b96b9bdependencies: klog v2.110.1c13269dMerge pull request #116516 from aojea/servicecidr7523a34Merge pull request #121575 from apelisse/update-smd965bc8dMerge pull request #121104 from carlory/kep-3751-api-changesUpdates
k8s.io/utilsfrom 0.0.0-20220728103510-ee6ede2d64ed to 0.0.0-20230726121419-3b25d923346bCommits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show