vmware-tanzu / helm-charts

Contains Helm charts for Kubernetes related open source tools
https://vmware-tanzu.github.io/helm-charts/
Apache License 2.0
250 stars 362 forks source link

backupstoragelocation.velero.io default not found #102

Closed ahmadhajali closed 4 years ago

ahmadhajali commented 4 years ago

After upgrading Velero from v1.1.0 to v1.3.1 we are encountering with the following issue: We use the following setting:

configuration:
  | # Cloud provider being used (e.g. aws, azure, gcp).
  | provider: aws
  |  
  | # Parameters for the `default` BackupStorageLocation. See
  | # https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/
  | backupStorageLocation:
      | # Cloud provider where backups should be stored. Usually should
      | # match `configuration.provider`. Required.
      | name: aws

As mentioned in the comment above configuration.backupStorageLocation.name usually should match configuration.provider.

If the name is set to "aws", we getting backupstoragelocation.velero.io default not found errors, and no backups are done. In addition, metrics are all zero except velero_backup_total.

While if name is set to "default", backups occur and metrics are showing all values.

Is it a bug?

Best regards, Ahmad

CarpathianUA commented 4 years ago

Experiencing the same

yadachi commented 4 years ago

it was same for me. but it turns out that I need to specify storage location in my backup by default a backup job look for a storage location name default not aws

ahmadhajali commented 4 years ago

I changed the storage location to default, but in the previous velero version, it accepts different values. Is it a new behavior?

yadachi commented 4 years ago

looks like it changed from default to backupStorageLocation.name recently here if you leave name empty then, it will fall back to default but the comment does mislead you bit there. I wonder if we can pass --default-backup-storage-location option that cli installation has in helm chart.

ahmadhajali commented 4 years ago

will give it a try

optimus-kart commented 4 years ago

Facing the same issue and solutions?

optimus-kart commented 4 years ago

And seriously the documentation needs an update :/

adamrushuk commented 4 years ago

Facing the same issue and solutions?

I've just had this error, and fixed it.

If you've specified a value for configuration.backupStorageLocation.name, ensure you specify the same name in schedules.<YOUR_SCHEDULE_NAME>.template.storageLocation

dguyhasnoname commented 4 years ago

Here is what worked for me:


  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

metrics:
  enabled: true
  scrapeInterval: 30s

  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8085"
    prometheus.io/path: "/metrics"

  serviceMonitor:
    enabled: true
    additionalLabels: {}    

configuration:
  provider: aws
  backupStorageLocation:
    name: aws
    bucket: ${bucket-name}
    prefix: backup
    config:
      kmsKeyId: $KeyId}
      region: ${region}
  volumeSnapshotLocation:
    name: aws
    config:
      region: ${region}
  logLevel: debug

credentials:
  useSecret: false

deployRestic: false   

schedules:
  hourly-backup:
    schedule: "* * * * *"
    template:
      includeClusterResources: true
      includedNamespaces:
      - '*'
      includedResources:
      - '*'
      storageLocation: aws
      snapshotVolumes: true      
      ttl: 720h0m0s```
bclouser commented 4 years ago

Not sure what the state of this was. I have been hitting a similar (if not identical) issue in the latest 2.12.0 helm chart installed fresh when trying to create a backup. Worth noting i am using helm3

I am able to "launch" the backup process, but it fails with validation error:

Phase:  FailedValidation

Validation errors:  a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: backupstoragelocation.velero.io "default" not found

I have tried quite a number of things, including adding --exclude-resource crd and this issue remains.

There is quite some discussion around crds and how to handle them in the issues here and in the main velero repo, so perhaps things are just churning right now.... it does seem that 2.12.0 isn't the most stable of releases :stuck_out_tongue:

davidgibbons commented 4 years ago

@bclouser I believe I got it working with that version of the helm chart. The main thing I did was specify a non-default name for the backupstoragelocation and then remove any of the resources that pointed to the 'default' location.

mshivanna commented 4 years ago

Release 2.12.0 had BackupStorageLocation crd's name hardcoded to default.

apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: default

Fixed in latest version


{{- if .Values.backupsEnabled }}
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: {{ include "velero.backupStorageLocation.name" . }}
bclouser commented 4 years ago

Hmmm

I have blown away all the crds created from velero's helm chart and then installed fresh with v2.12.0 (a number of times)

my config file looks like this:

configuration:
  provider: aws
  backupStorageLocation:
    name: aws
    bucket: tx-eks-torizon-k8s-backup
    config:
      region: us-east-1
  volumeSnapshotLocation:
    name: aws
    config:
      region: us-east-1
snapshotsEnabled: true
credentials:
  existingSecret: cloud-credentials
# Backup schedules to create.
schedules:
  aws-default:
    schedule: "0 0 * * *"
    template:
      ttl: "240h"
      includedNamespaces:
       - default
  aws-others:
      schedule: "0 0 * * *"
      template:
        ttl: "240h"
        excludedNamespaces:
         - default
        snapshotVolumes: false
initContainers:
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

and when i create a backup i see the same error, and I even went in and described the BackupResource using kubectl

$ k describe backup bens-totally-random-backup3 -n velero
Name:         bens-totally-random-backup3
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  <none>
API Version:  velero.io/v1
Kind:         Backup
Metadata:
  Creation Timestamp:  2020-07-23T21:05:00Z
  Generation:          2
  Resource Version:    53345180
  Self Link:           /apis/velero.io/v1/namespaces/velero/backups/bens-totally-random-backup3
  UID:                 2bc8ad74-cd28-11ea-aa0a-0e379dd2f475
Spec:
  Hooks:
  Included Namespaces:
    *
  Storage Location:  default
  Ttl:               720h0m0s
  Volume Snapshot Locations:
    aws
Status:
  Expiration:  2020-08-22T21:05:00Z
  Phase:       FailedValidation
  Validation Errors:
    a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: backupstoragelocation.velero.io "default" not found
  Version:  1
Events:     <none>

notice the: Storage Location: default

Additionally, on the cli i found this command

$ velero backup-location get
NAME   PROVIDER   BUCKET/PREFIX               ACCESS MODE
aws    aws        tx-eks-torizon-k8s-backup   ReadWrite

so according to cli, velero has the correct location set, however it uses "default" during resource creation :/

I am starting to dig through the code to find out where exactly velero is getting this BackupLocation... Kind of surprised I am the only one with this issue. Our AWS cluster is older than most, currently using 1.13.12 eks so perhaps an api request is failing silently in the velero golang app or is handling unexpected data in a response and therefore uses "default" :shrug:

carlisia commented 4 years ago

I'm looking into this.

carlisia commented 4 years ago

I noticed this is happening.

carlisia commented 4 years ago

@bclouser just to try and unblock you:

so according to cli, velero has the correct location set, however it uses "default" during resource creation :/

Velero uses "default" by default, in other words, it uses that unless you specify a storage location name during backup creation. I see that your backup was created against a BSL named "default", but the cli shows you only have a BSL named "aws". If you edit the backupstoragelocations.velero.io/aws to backupstoragelocations.velero.io/default it would be a quick fix to this. Alternatively, when you run the backup create, pass the name of the aws BSL.

I'm still looking into how to keep ppl from running into this, might just be a documentation issue.

carlisia commented 4 years ago

I myself just did the same thing, had a BSL named something other than "default" and created a backup w/o specifying what that BSL name was.

bclouser commented 4 years ago

oh heck yeah @carlisia! That certainly works, thank you soo much! I hadn't noticed that --storage-location param

for posterity i ran this

velero backup create bens-new-random-backup --storage-location aws
carlisia commented 4 years ago

Hahaha good! Don't beat yourself up, it is NOT intuitive!

We are going to change our CLI on v1.6 to make this easier to discover.

carlisia commented 4 years ago

Hey @ahmadhajali thanks for bringing this up to our attention. If you are still having trouble, please see this explanation:

https://github.com/vmware-tanzu/helm-charts/issues/102#issuecomment-663257541

I added a PR to fix the documentation: https://github.com/vmware-tanzu/helm-charts/pull/128.

sharkymcdongles commented 4 years ago

@carlisia is there a possibility of having an annotation to set a default BSL even if the name differs?

eduartua commented 4 years ago

Hey @bclouser how did you fix it? I have the same issue with GCP. Installed using latest helm This is part of a backup:

spec:
  hooks: {}
  storageLocation: default
  ttl: 720h0m0s
  volumeSnapshotLocations:
  - gcp
status:
  expiration: "2020-09-27T00:25:42Z"
  formatVersion: 1.1.0
  phase: FailedValidation
  validationErrors:
  - 'a BackupStorageLocation CRD with the name specified in the backup spec needs
    to be created before this backup can be executed. Error: backupstoragelocation.velero.io

And this is the BSL created:

apiVersion: velero.io/v1
  kind: BackupStorageLocation
  metadata:
    annotations:
      helm.sh/hook: post-install,post-upgrade
      helm.sh/hook-delete-policy: before-hook-creation
    creationTimestamp: "2020-08-28T00:25:46Z"
    generation: 9
    labels:
      app.kubernetes.io/instance: velero
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: velero
      helm.sh/chart: velero-2.12.15
    name: gcp
    namespace: velero
    resourceVersion: "1061592"
    selfLink: /apis/velero.io/v1/namespaces/velero/backupstoragelocations/gcp
    uid: xxx
  spec:
    config:
      serviceAccount: SA@DOMAIN.iam.gserviceaccount.com
    objectStorage:
      bucket: xxx-backups
      prefix: velero
    provider: gcp
  status:
    lastSyncedTime: "2020-08-28T00:33:09.293000989Z"

Velero version v1.4.2 Helm chart 2.12.15

zencircle commented 4 years ago

I am having the same issue on v1.15.0, works fine on v1.14.2

zico-dev commented 4 years ago

Hey, I am facing a similar issue, everytime I try to install the chart (aws/s3), I get the below error, but the pod seems to be running fine:

ec2-user@ip-xx.xx.xx.xx velero]$ helm install velero vmware-tanzu/velero  --namespace velero -f values.yaml
coalesce.go:199: warning: destination for caCert is a table. Ignoring non-table value <nil>
Error: failed post-install: warning: Hook post-install velero/templates/backupstoragelocation.yaml failed: BackupStorageLocation.velero.io "aws" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"velero.io/v1", "kind":"BackupStorageLocation", "metadata":map[string]interface {}{"annotations":map[string]interface {}{"helm.sh/hook":"post-install,post-upgrade", "helm.sh/hook-delete-policy":"before-hook-creation"}, "creationTimestamp":"2020-09-15T15:18:03Z", "generation":1, "labels":map[string]interface {}{"app.kubernetes.io/instance":"velero", "app.kubernetes.io/managed-by":"Helm", "app.kubernetes.io/name":"velero", "helm.sh/chart":"velero-2.12.17"}, "name":"aws", "namespace":"velero", "uid":"xxx"}, "spec":map[string]interface {}{"objectStorage":map[string]interface {}{"bucket":"velero-test", "caCert":"map[format:<nil> type:<nil>]", "prefix":"eks-velero-backup"}, "provider":"aws"}}: validation failure list:
spec.objectStorage.caCert in body must be of type byte: "map[format:<nil> type:<nil>]"

Velero info:
[ec2-user@ip-xx.xx.xx.xx velero]$ velero version
Client:
        Version: v1.4.0
        Git commit: 5963650c9d64643daaf510ef93ac4a36b6483392
Server:
        Version: v1.4.0
vitobotta commented 4 years ago

I'm having the same issue. Even if I create the backup storage location manually with

velero backup-location create default -n velero --bucket backups --prefix velero --config region=eu-central-1,s3Url=https://s3.eu-central-1.wasabisys.com --provider aws

Velero complains with: backupstoragelocations.velero.io \"default\" not found. The backup storage location exists:

❯ k get backupstoragelocations.velero.io -A
NAMESPACE   NAME      AGE
velero      default   3m47s

What can I do? Thanks

DanOfir commented 4 years ago

Hi, i am also facing the same issue Validation errors: a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: backupstoragelocation.velero.io "default" not found

but when looking on the installed CRD's and the original helm-chart CRD i can find only CRD with the name name: backupstoragelocations.velero.io pay attention to the extra s, locations, am i missing something?

~~using helm-chart version : 2.12.17 velero version: v1.4.2~~

this is not an issue, next comment by @adamrushuk what fixed it for me

adamrushuk commented 4 years ago

Facing the same issue and solutions?

I've just had this error, and fixed it.

If you've specified a value for configuration.backupStorageLocation.name, ensure you specify the same name in schedules.<YOUR_SCHEDULE_NAME>.template.storageLocation

^ this is what fixed it for me; explicitly adding the storage location.

DanOfir commented 4 years ago

Hi,

so this is my configurations:

configuration:
  provider: aws
  backupStorageLocation:
    name: aws
    bucket: '${bucket}'
    caCert: null
    prefix: '${sub_folder}'
    config:
      region: '${region}'
schedules:
  backup-all:
    labels:
      key: "value"
    schedule: "*/2 * * * *"
    template:
      storageLocation: aws
      ttl: "180h"

and i receive this error:

validationErrors:
  - 'a BackupStorageLocation CRD with the name specified in the backup spec needs
    to be created before this backup can be executed. Error: backupstoragelocation.velero.io
    "aws" not found'

and storage location object exists: image

BTW, when running backup manually: velero backup create test --storage-location aws it works without any issues someone know how to solve this?

tvvignesh commented 4 years ago

@carlisia Hi. I tried both default and a custom location as well and both didn't work for me. I removed the chart, deleted all the CRDs manually and tried installing again. Still the same issue.

Capture

I am using 1.5.1 and so, I had even added all the source needed from this PR: https://github.com/vmware-tanzu/helm-charts/pull/163 and still I have the same issue.

I can see the backup locations both via CRD and via CLI

Capture

And the backups created are stuck in progress:

Capture

and the bucket is empty.

This is how my chart looks like.

image:
  repository: velero/velero
  tag: v1.5.1
  # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. If used, it will
  # take precedence over the image.tag.
  # digest:
  pullPolicy: IfNotPresent
  # One or more secrets to be used when pulling images
  imagePullSecrets: []
  # - registrySecretName

initContainers:
  - name: velero-plugin-for-gcp
    image: velero/velero-plugin-for-gcp:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

# SecurityContext to use for the Velero deployment. Optional.
# Set fsGroup for `AWS IAM Roles for Service Accounts`
# see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
securityContext:
  fsGroup: 1337
  runAsUser: 1000

# Settings for Velero's prometheus metrics. Enabled by default.
metrics:
  enabled: true

  # Pod annotations for Prometheus
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8085"
    prometheus.io/path: "/metrics"

# Install CRDs as a templates. Enabled by default.
installCRDs: true

##
## End of deployment-related settings.
##

##
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: gcp

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.4/api-types/backupstoragelocation/
  backupStorageLocation:
    # name is the name of the backup storage location where backups should be stored. If a name is not provided,
    # a backup storage location will be created with the name "default". Optional.
    name: default
    # provider is the name for the backup storage location provider. If omitted
    # `configuration.provider` will be used instead.
    provider: gcp
    # bucket is the name of the bucket to store backups in. Required.
    bucket: ${BUCKET_NAME}
    # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider.
    caCert:
    # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
    prefix: "backups"
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
    #  region:
    #  s3ForcePathStyle:
    #  s3Url:
    #  kmsKeyId:
    #  resourceGroup:
    #  The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only)
    #  subscriptionId:
    #  storageAccount:
    #  publicUrl:
    #  Name of the GCP service account to use for this backup storage location. Specify the
    #  service account here if you want to use workload identity instead of providing the key file.(GCP only)
     serviceAccount: "velero-ops"

  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.4/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # name is the name of the volume snapshot location where snapshots are being taken. Required.
    name:
    # provider is the name for the volume snapshot provider. If omitted
    # `configuration.provider` will be used instead.
    provider: gcp
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
  #    region:
  #    apitimeout:
  #    resourceGroup:
  #    The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only)
  #    subscriptionId:
     snapshotLocation: asia-southeast1
  #    project:

  # These are server-level settings passed as CLI flags to the `velero server` command. Velero
  # uses default values if they're not passed in, so they only need to be explicitly specified
  # here if using a non-default value. The `velero server` default values are shown in the
  # comments below.
  # --------------------
  # `velero server` default: 1m
  backupSyncPeriod:
  # `velero server` default: 1h
  resticTimeout:
  # `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods
  restoreResourcePriorities:
  # `velero server` default: false
  restoreOnlyMode:

  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars: {}

  # Comma separated list of velero feature flags. default: empty
  features: "EnableCSI"

  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
  logLevel:

  # Set log-format for Velero pod. Default: text. Other option: json.
  logFormat:

##
## End of backup/snapshot location settings.
##

##
## Settings for additional Velero resources.
##

rbac:
  # Whether to create the Velero role and role binding to give all permissions to the namespace to Velero.
  create: true
  # Whether to create the cluster role binding to give administrator permissions to Velero
  clusterAdministrator: true

# Information about the Kubernetes service account Velero uses.
serviceAccount:
  server:
    create: true
    name:
    annotations:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used as the source of IAM account
  # credentials. Set to false if, for example, using kube2iam or
  # kiam to provide IAM credentials for the Velero pod.
  useSecret: true
  # Name of a pre-existing secret (if any) in the Velero namespace
  # that should be used to get IAM account credentials. Optional.
  existingSecret:
  # Data to be stored in the Velero secret, if `useSecret` is
  # true and `existingSecret` is empty. This should be the contents
  # of your IAM credentials file.
  secretContents: {}
  # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
  extraEnvVars: {}

# Whether to create backupstoragelocation crd, if false => do not create a default backup location
backupsEnabled: true
# Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
snapshotsEnabled: true

# Whether to deploy the restic daemonset.
deployRestic: false

restic:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  # Pod priority class name to use for the Restic daemonset. Optional.
  priorityClassName: {}
  # Resource requests/limits to specify for the Restic daemonset deployment. Optional.
  resources: {}
  # Tolerations to use for the Restic daemonset. Optional.
  tolerations: []

  # Extra volumes for the Restic daemonset. Optional.
  extraVolumes: []

  # Extra volumeMounts for the Restic daemonset. Optional.
  extraVolumeMounts: []

  # SecurityContext to use for the Velero deployment. Optional.
  # Set fsGroup for `AWS IAM Roles for Service Accounts`
  # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
  securityContext: {}
    # fsGroup: 1337

# Backup schedules to create.
# Eg:
schedules:
  cluster-backup:
    schedule: "0 7 * * *"
    template:
      ttl: "240h"
      storageLocation: default
      snapshotVolumes: true
      includedNamespaces:
       - '*'
      includedResources:
       - '*'

# Velero ConfigMaps.
# Eg:
# configMaps:
#   restic-restore-action-config:
#     labels:
#       velero.io/plugin-config: ""
#       velero.io/restic: RestoreItemAction
#     data:
#       image: velero/velero-restic-restore-helper:v1.3.1
configMaps: {}

##
## End of additional Velero resource settings.
##
angelbulas commented 4 years ago

Just in case someone still have issues with BackupStorageLocation CRD, I just wipe out my chart and remove manually all this creds because when you uninstall the chart does not remove them:

backups.velero.io backupstoragelocations.velero.io deletebackuprequests.velero.io
downloadrequests.velero.io
podvolumebackups.velero.io
podvolumerestores.velero.io resticrepositories.velero.io restores.velero.io schedules.velero.io serverstatusrequests.velero.io
volumesnapshotlocations.velero.io

After that i just reinstall (I'm using helm chart 2.13.3 and velero v1.4.2 because im on azure) and everything worked as expected.

jenting commented 4 years ago

Just in case someone still have issues with BackupStorageLocation CRD, I just wipe out my chart and remove manually all this creds because when you uninstall the chart does not remove them:

backups.velero.io

backupstoragelocations.velero.io

deletebackuprequests.velero.io

downloadrequests.velero.io

podvolumebackups.velero.io

podvolumerestores.velero.io

resticrepositories.velero.io

restores.velero.io

schedules.velero.io

serverstatusrequests.velero.io

volumesnapshotlocations.velero.io

After that i just reinstall (I'm using helm chart 2.13.3 and velero v1.4.2 because im on azure) and everything worked as expected.

Thanks, it gives me the hint and I remember that helm did not perform upgrade CRDs during helm upgrade.

sharaddumoliya commented 3 years ago

I am also getting error: Validation errors: a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: BackupStorageLocation.velero.io "default" not found

But I can see crds:

[ec2-user@bastion ~]$ velero backup-location get NAME PROVIDER BUCKET/PREFIX ACCESS MODE aws aws velero-msra-backups ReadWrite default aws velero-msra-backups ReadWrite

[ec2-user@bastion ~]$ kc get BackupStorageLocation -A NAMESPACE NAME AGE velero aws 55m velero default 10m

jenting commented 3 years ago

I am also getting error:

Validation errors: a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: BackupStorageLocation.velero.io "default" not found

But I can see crds:

[ec2-user@bastion ~]$ velero backup-location get

NAME PROVIDER BUCKET/PREFIX ACCESS MODE

aws aws velero-msra-backups ReadWrite

default aws velero-msra-backups ReadWrite

[ec2-user@bastion ~]$ kc get BackupStorageLocation -A

NAMESPACE NAME AGE

velero aws 55m

velero default 10m

Are you using GitOps tool like ArgoCD or Flux?

carlisia commented 3 years ago

Hey everyone. There's a lot of chatter in this issue. I'm going to give a general troubleshooting solution.

Assuming you have v1.5.

Update your Velero CRDs: v install --crds-only --dry-run -o yaml | kubectl apply -f -

After this, create or recreate your BSL. Do velero get backup-locations. If in the PHASE column you see that the BSL is marked as Available, then all is good. Otherwise, the Velero log will tell you why you BSL failed to be validated. Until the BSL is marked as Available backups won't be able to be created.

carlisia commented 3 years ago

For anyone having issues with "default" BSL, please see this explanation of what Velero expects: https://github.com/vmware-tanzu/helm-charts/issues/102#issuecomment-663257541.

Ad-squareops commented 1 year ago

can anyone help me i am getting below error while creating backup from velero Phase: FailedValidation

Validation errors: provider aws has more than one possible volume snapshot location, and none were specified explicitly or as a default

helm chart values i am using are below-
##
## Configuration settings that directly affect the Velero deployment YAML.
##

# Details of the container image to use in the Velero deployment & daemonset (if
# enabling node-agent). Required.
image:
  repository: velero/velero
  tag: v1.10.0
  # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38.
  # If used, it will take precedence over the image.tag.
  # digest:
  pullPolicy: IfNotPresent
  # One or more secrets to be used when pulling images
  imagePullSecrets: []
  # - registrySecretName

# Annotations to add to the Velero deployment's. Optional.
#
# If you are using reloader use the following annotation with your VELERO_SECRET_NAME
annotations: {}
# secret.reloader.stakater.com/reload: "<VELERO_SECRET_NAME>"

# Labels to add to the Velero deployment's. Optional.
labels: {}

# Annotations to add to the Velero deployment's pod template. Optional.
#
# If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID
# and VELERO_ROLE_NAME filled in:
podAnnotations: 
    iam.amazonaws.com/role: "arn:aws:iam::xxxx:xxx/xxxxxxx"

# Additional pod labels for Velero deployment's template. Optional
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}

# Resource requests/limits to specify for the Velero deployment.
# https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
resources:
  requests:
    cpu: 500m
    memory: 128Mi
  limits:
    cpu: 1000m
    memory: 512Mi

# Configure the dnsPolicy of the Velero deployment
# See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst

# Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required.
# If the value is a string then it is evaluated as a template.
initContainers:
   - name: velero-plugin-for-aws
     image: velero/velero-plugin-for-aws:latest
     imagePullPolicy: IfNotPresent
     volumeMounts:
       - mountPath: /target
         name: plugins
  # - name: velero-plugin-for-aws
  #   image: velero/velero-plugin-for-aws:v1.5.2
  #   imagePullPolicy: IfNotPresent
  #   volumeMounts:
  #     - mountPath: /target
  #       name: plugins

# SecurityContext to use for the Velero deployment. Optional.
# Set fsGroup for `AWS IAM Roles for Service Accounts`
# see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
podSecurityContext: 
   #fsGroup: 1337

# Container Level Security Context for the 'velero' container of the Velero deployment. Optional.
# See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {}
  # allowPrivilegeEscalation: false
  # capabilities:
  #   drop: ["ALL"]
  #   add: []
  # readOnlyRootFilesystem: true

# Container Lifecycle Hooks to use for the Velero deployment. Optional.
lifecycle: {}

# Pod priority class name to use for the Velero deployment. Optional.
priorityClassName: ""

# The number of seconds to allow for graceful termination of the pod. Optional.
terminationGracePeriodSeconds: 3600

# Tolerations to use for the Velero deployment. Optional.
tolerations: []

# Affinity to use for the Velero deployment. Optional.
affinity: {}

# Node selector to use for the Velero deployment. Optional.
nodeSelector: {}

# DNS configuration to use for the Velero deployment. Optional.
dnsConfig: {}

# Extra volumes for the Velero deployment. Optional.
extraVolumes: []

# Extra volumeMounts for the Velero deployment. Optional.
extraVolumeMounts: []

# Extra K8s manifests to deploy
extraObjects: []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
  #   metadata:
  #     name: velero-secrets-store
  #   spec:
  #     provider: aws
  #     parameters:
  #       objects: |
  #         - objectName: "velero"
  #           objectType: "secretsmanager"
  #           jmesPath:
  #               - path: "access_key"
  #                 objectAlias: "access_key"
  #               - path: "secret_key"
  #                 objectAlias: "secret_key"
  #     secretObjects:
  #       - data:
  #         - key: access_key
  #           objectName: client-id
  #         - key: client-secret
  #           objectName: client-secret
  #         secretName: velero-secrets-store
  #         type: Opaque

# Settings for Velero's prometheus metrics. Enabled by default.
metrics:
  enabled: true
  scrapeInterval: 30s
  scrapeTimeout: 10s

  # service metdata if metrics are enabled
  service:
    annotations: {}
    labels: {}

  # Pod annotations for Prometheus
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8085"
    prometheus.io/path: "/metrics"

  serviceMonitor:
    autodetect: true
    enabled: false
    annotations: {}
    additionalLabels: {}
    # ServiceMonitor namespace. Default to Velero namespace.
    # namespace:
    # ServiceMonitor connection scheme. Defaults to HTTP.
    # scheme: ""
    # ServiceMonitor connection tlsConfig. Defaults to {}.
    # tlsConfig: {}

  prometheusRule:
    enabled: false
    # Additional labels to add to deployed PrometheusRule
    additionalLabels: {}
    # PrometheusRule namespace. Defaults to Velero namespace.
    # namespace: ""
    # Rules to be deployed
    spec: []
    # - alert: VeleroBackupPartialFailures
    #   annotations:
    #     message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups.
    #   expr: |-
    #     velero_backup_partial_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25
    #   for: 15m
    #   labels:
    #     severity: warning
    # - alert: VeleroBackupFailures
    #   annotations:
    #     message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} failed backups.
    #   expr: |-
    #     velero_backup_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25
    #   for: 15m
    #   labels:
    #     severity: warning

kubectl:
  image:
    repository: docker.io/bitnami/kubectl
    # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38.
    # If used, it will take precedence over the kubectl.image.tag.
    # digest:
    # kubectl image tag. If used, it will take precedence over the cluster Kubernetes version.
    # tag: 1.16.15
  # Container Level Security Context for the 'kubectl' container of the crd jobs. Optional.
  # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext: {}
  # Resource requests/limits to specify for the upgrade/cleanup job. Optional
  resources: {}
  # Annotations to set for the upgrade/cleanup job. Optional.
  annotations: {}
  # Labels to set for the upgrade/cleanup job. Optional.
  labels: {}

# This job upgrades the CRDs.
upgradeCRDs: true

# This job is meant primarily for cleaning up CRDs on CI systems.
# Using this on production systems, especially those that have multiple releases of Velero, will be destructive.
cleanUpCRDs: false

##
## End of deployment-related settings.
##

##
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: aws

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.6/api-types/backupstoragelocation/
  backupStorageLocation:
    # name is the name of the backup storage location where backups should be stored. If a name is not provided,
    # a backup storage location will be created with the name "default". Optional.
    name: <bucket name>
    # provider is the name for the backup storage location provider. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # bucket is the name of the bucket to store backups in. Required.
    bucket: <bucket name>
    # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional.
    caCert:
    # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
    prefix:
    # default indicates this location is the default backup storage location. Optional.
    default:
    # accessMode determines if velero can write to this backup storage location. Optional.
    # default to ReadWrite, ReadOnly is used during migrations and restores.
    accessMode: ReadWrite
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config: 
      region: us-west-2
    #  s3ForcePathStyle:
    #  s3Url:
    #  kmsKeyId:
    #  resourceGroup:
    #  The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only)
    #  subscriptionId:
    #  storageAccount:
    #  publicUrl:
    #  Name of the GCP service account to use for this backup storage location. Specify the
    #  service account here if you want to use workload identity instead of providing the key file.(GCP only)
    #  serviceAccount:
    #  Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the
    #  flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify
    #  insecureSkipTLSVerify:

  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # name is the name of the volume snapshot location where snapshots are being taken. Required.
    name: 
    # provider is the name for the volume snapshot provider. If omitted
    # `configuration.provider` will be used instead.
    provider: 
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config: {}
  #    region: us-west-2
  #    apiTimeout:
  #    resourceGroup:
  #    The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only)
  #    subscriptionId:
  #    incremental:
  #    snapshotLocation: adi-tets
  #    project:

  # These are server-level settings passed as CLI flags to the `velero server` command. Velero
  # uses default values if they're not passed in, so they only need to be explicitly specified
  # here if using a non-default value. The `velero server` default values are shown in the
  # comments below.
  # --------------------
  # `velero server` default: restic
  uploaderType:
  # `velero server` default: 1m
  backupSyncPeriod:
  # `velero server` default: 4h
  fsBackupTimeout:
  # `velero server` default: 30
  clientBurst:
  # `velero server` default: 500
  clientPageSize:
  # `velero server` default: 20.0
  clientQPS:
  # Name of the default backup storage location. Default: default
  defaultBackupStorageLocation: 
  # How long to wait by default before backups can be garbage collected. Default: 72h
  defaultBackupTTL:
  # Name of the default volume snapshot location.
  defaultVolumeSnapshotLocations: 
  # `velero server` default: empty
  disableControllers:
  # `velero server` default: 1h
  garbageCollectionFrequency:
  # Set log-format for Velero pod. Default: text. Other option: json.
  logFormat:
  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
  logLevel:
  # The address to expose prometheus metrics. Default: :8085
  metricsAddress:
  # Directory containing Velero plugins. Default: /plugins
  pluginDir:
  # The address to expose the pprof profiler. Default: localhost:6060
  profilerAddress:
  # `velero server` default: false
  restoreOnlyMode:
  # `velero server` default: customresourcedefinitions,namespaces,storageclasses,volumesnapshotclass.snapshot.storage.k8s.io,volumesnapshotcontents.snapshot.storage.k8s.io,volumesnapshots.snapshot.storage.k8s.io,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods,replicasets.apps,clusterclasses.cluster.x-k8s.io,clusters.cluster.x-k8s.io,clusterresourcesets.addons.cluster.x-k8s.io
  restoreResourcePriorities:
  # `velero server` default: 1m
  storeValidationFrequency:
  # How long to wait on persistent volumes and namespaces to terminate during a restore before timing out. Default: 10m
  terminatingResourceTimeout:
  # Comma separated list of velero feature flags. default: empty
  # features: EnableCSI
  features:
  # `velero server` default: velero
  namespace:

  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars: {}

  # Set true for backup all pod volumes without having to apply annotation on the pod when used file system backup Default: false.
  defaultVolumesToFsBackup:

  # How often repository maintain is run for repositories by default.
  defaultRepoMaintainFrequency:

##
## End of backup/snapshot location settings.
##

##
## Settings for additional Velero resources.
##

rbac:
  # Whether to create the Velero role and role binding to give all permissions to the namespace to Velero.
  create: true
  # Whether to create the cluster role binding to give administrator permissions to Velero
  clusterAdministrator: true
  # Name of the ClusterRole.
  clusterAdministratorName: cluster-admin

# Information about the Kubernetes service account Velero uses.
serviceAccount:
  server:
    create: true
    name:
    annotations:
    labels:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used. Set to false if, for examples:
  # - using kube2iam or kiam to provide AWS IAM credentials instead of providing the key file. (AWS only)
  # - using workload identity instead of providing the key file. (GCP only)
  useSecret: true
  # Name of the secret to create if `useSecret` is true and `existingSecret` is empty
  name:
  # Name of a pre-existing secret (if any) in the Velero namespace
  # that should be used to get IAM account credentials. Optional.
  existingSecret:
  # Data to be stored in the Velero secret, if `useSecret` is true and `existingSecret` is empty.
  # As of the current Velero release, Velero only uses one secret key/value at a time.
  # The key must be named `cloud`, and the value corresponds to the entire content of your IAM credentials file.
  # Note that the format will be different for different providers, please check their documentation.
  # Here is a list of documentation for plugins maintained by the Velero team:
  # [AWS] https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/README.md
  # [GCP] https://github.com/vmware-tanzu/velero-plugin-for-gcp/blob/main/README.md
  # [Azure] https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/README.md
  secretContents: 
    cloud: |
      [default]
      aws_access_key_id=xxxxxxxxxxxxxxxxxxxxxxxxxxx
      aws_secret_access_key=xxxxxxxxxxxxxxxxxxxxxxxxxx
  # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
  extraEnvVars: {}
  # Name of a pre-existing secret (if any) in the Velero namespace
  # that will be used to load environment variables into velero and node-agent.
  # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables
  extraSecretRef: ""

# Whether to create backupstoragelocation crd, if false => do not create a default backup location
backupsEnabled: true
# Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
snapshotsEnabled: true

# Whether to deploy the node-agent daemonset.
deployNodeAgent: false

nodeAgent:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  # Pod priority class name to use for the node-agent daemonset. Optional.
  priorityClassName: ""
  # Resource requests/limits to specify for the node-agent daemonset deployment. Optional.
  # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1024Mi

  # Tolerations to use for the node-agent daemonset. Optional.
  tolerations: []

  # Annotations to set for the node-agent daemonset. Optional.
  annotations: {}

  # labels to set for the node-agent daemonset. Optional.
  labels: {}

  # will map /scratch to emptyDir. Set to false and specify your own volume
  # via extraVolumes and extraVolumeMounts that maps to /scratch
  # if you don't want to use emptyDir.
  useScratchEmptyDir: true

  # Extra volumes for the node-agent daemonset. Optional.
  extraVolumes: []

  # Extra volumeMounts for the node-agent daemonset. Optional.
  extraVolumeMounts: []

  # Key/value pairs to be used as environment variables for the node-agent daemonset. Optional.
  extraEnvVars: {}

  # Configure the dnsPolicy of the node-agent daemonset
  # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
  dnsPolicy: ClusterFirst

  # SecurityContext to use for the Velero deployment. Optional.
  # Set fsGroup for `AWS IAM Roles for Service Accounts`
  # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
  podSecurityContext:
    runAsUser: 0
    #fsGroup: 1337

  # Container Level Security Context for the 'node-agent' container of the node-agent daemonset. Optional.
  # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext: {}

  # Container Lifecycle Hooks to use for the node-agent daemonset. Optional.
  lifecycle: {}

  # Node selector to use for the node-agent daemonset. Optional.
  nodeSelector: {}

  # Affinity to use with node-agent daemonset. Optional.
  affinity: {}

  # DNS configuration to use for the node-agent daemonset. Optional.
  dnsConfig: {}

# Backup schedules to create.
# Eg:
# schedules:
#   mybackup:
#     disabled: false
#     labels:
#       myenv: foo
#     annotations:
#       myenv: foo
#     schedule: "0 0 * * *"
#     useOwnerReferencesInBackup: false
#     template:
#       ttl: "240h"
#       includedNamespaces:
#       - foo
schedules: {}

# Velero ConfigMaps.
# Eg:
# configMaps:
#   fs-restore-action-config:
#     labels:
#       velero.io/plugin-config: ""
#       velero.io/pod-volume-restore: RestoreItemAction
#     data:
#       image: velero/velero-restore-helper:v1.10.0
configMaps: {}

##
## End of additional Velero resource settings.
##