vmware-tanzu / helm-charts

Contains Helm charts for Kubernetes related open source tools
https://vmware-tanzu.github.io/helm-charts/
Apache License 2.0

backupstoragelocation.velero.io default not found #102

Closed ahmadhajali closed 4 years ago

ahmadhajali commented 4 years ago

After upgrading Velero from v1.1.0 to v1.3.1 we are encountering the following issue. We use the following setting:

configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: aws

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/
  backupStorageLocation:
    # Cloud provider where backups should be stored. Usually should
    # match `configuration.provider`. Required.
    name: aws

As mentioned in the comment above configuration.backupStorageLocation.name usually should match configuration.provider.

If the name is set to "aws", we are getting backupstoragelocation.velero.io default not found errors, and no backups are done. In addition, metrics are all zero except velero_backup_total.

While if name is set to "default", backups occur and metrics are showing all values.

Is it a bug?

Best regards, Ahmad

CarpathianUA commented 4 years ago

Experiencing the same

yadachi commented 4 years ago

It was the same for me, but it turns out that I need to specify the storage location in my backup; by default a backup job looks for a storage location named default, not aws.

ahmadhajali commented 4 years ago

I changed the storage location to default, but in the previous velero version, it accepts different values. Is it a new behavior?

yadachi commented 4 years ago

Looks like it changed from default to backupStorageLocation.name recently here. If you leave name empty, then it will fall back to default, but the comment does mislead you a bit there. I wonder if we can pass the --default-backup-storage-location option that the CLI installation has in the helm chart.

ahmadhajali commented 4 years ago

will give it a try

optimus-kart commented 4 years ago

Facing the same issue and solutions?

optimus-kart commented 4 years ago

And seriously the documentation needs an update :/

adamrushuk commented 4 years ago

Facing the same issue and solutions?

I've just had this error, and fixed it.

If you've specified a value for configuration.backupStorageLocation.name, ensure you specify the same name in schedules.<YOUR_SCHEDULE_NAME>.template.storageLocation

dguyhasnoname commented 4 years ago

Here is what worked for me:


initContainers:
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

metrics:
  enabled: true
  scrapeInterval: 30s

  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8085"
    prometheus.io/path: "/metrics"

  serviceMonitor:
    enabled: true
    additionalLabels: {}    

configuration:
  provider: aws
  backupStorageLocation:
    name: aws
    bucket: ${bucket-name}
    prefix: backup
    config:
      kmsKeyId: ${KeyId}
      region: ${region}
  volumeSnapshotLocation:
    name: aws
    config:
      region: ${region}
  logLevel: debug

credentials:
  useSecret: false

deployRestic: false   

schedules:
  hourly-backup:
    schedule: "* * * * *"
    template:
      includeClusterResources: true
      includedNamespaces:
      - '*'
      includedResources:
      - '*'
      storageLocation: aws
      snapshotVolumes: true      
      ttl: 720h0m0s

bclouser commented 4 years ago

Not sure what the state of this was. I have been hitting a similar (if not identical) issue in the latest 2.12.0 helm chart installed fresh when trying to create a backup. Worth noting I am using helm3.

I am able to "launch" the backup process, but it fails with validation error:

Phase:  FailedValidation

Validation errors:  a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: backupstoragelocation.velero.io "default" not found

I have tried quite a number of things, including adding --exclude-resource crd and this issue remains.

There is quite some discussion around crds and how to handle them in the issues here and in the main velero repo, so perhaps things are just churning right now.... it does seem that 2.12.0 isn't the most stable of releases :stuck_out_tongue:

davidgibbons commented 4 years ago

@bclouser I believe I got it working with that version of the helm chart. The main thing I did was specify a non-default name for the backupstoragelocation and then remove any of the resources that pointed to the 'default' location.

mshivanna commented 4 years ago

Release 2.12.0 had BackupStorageLocation crd's name hardcoded to default.

apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: default

Fixed in latest version


{{- if .Values.backupsEnabled }}
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: {{ include "velero.backupStorageLocation.name" . }}

bclouser commented 4 years ago

Hmmm

I have blown away all the crds created from velero's helm chart and then installed fresh with v2.12.0 (a number of times)

my config file looks like this:

configuration:
  provider: aws
  backupStorageLocation:
    name: aws
    bucket: tx-eks-torizon-k8s-backup
    config:
      region: us-east-1
  volumeSnapshotLocation:
    name: aws
    config:
      region: us-east-1
snapshotsEnabled: true
credentials:
  existingSecret: cloud-credentials
# Backup schedules to create.
schedules:
  aws-default:
    schedule: "0 0 * * *"
    template:
      ttl: "240h"
      includedNamespaces:
       - default
  aws-others:
      schedule: "0 0 * * *"
      template:
        ttl: "240h"
        excludedNamespaces:
         - default
        snapshotVolumes: false
initContainers:
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

and when I create a backup I see the same error, and I even went in and described the BackupResource using kubectl

$ k describe backup bens-totally-random-backup3 -n velero
Name:         bens-totally-random-backup3
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  <none>
API Version:  velero.io/v1
Kind:         Backup
Metadata:
  Creation Timestamp:  2020-07-23T21:05:00Z
  Generation:          2
  Resource Version:    53345180
  Self Link:           /apis/velero.io/v1/namespaces/velero/backups/bens-totally-random-backup3
  UID:                 2bc8ad74-cd28-11ea-aa0a-0e379dd2f475
Spec:
  Hooks:
  Included Namespaces:
    *
  Storage Location:  default
  Ttl:               720h0m0s
  Volume Snapshot Locations:
    aws
Status:
  Expiration:  2020-08-22T21:05:00Z
  Phase:       FailedValidation
  Validation Errors:
    a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: backupstoragelocation.velero.io "default" not found
  Version:  1
Events:     <none>

notice the: Storage Location: default

Additionally, on the CLI I found this command

$ velero backup-location get
NAME   PROVIDER   BUCKET/PREFIX               ACCESS MODE
aws    aws        tx-eks-torizon-k8s-backup   ReadWrite

so according to cli, velero has the correct location set, however it uses "default" during resource creation :/

I am starting to dig through the code to find out where exactly velero is getting this BackupLocation... Kind of surprised I am the only one with this issue. Our AWS cluster is older than most, currently using 1.13.12 eks so perhaps an api request is failing silently in the velero golang app or is handling unexpected data in a response and therefore uses "default" :shrug:

carlisia commented 4 years ago

I'm looking into this.

carlisia commented 4 years ago

I noticed this is happening.

carlisia commented 4 years ago

@bclouser just to try and unblock you:

so according to cli, velero has the correct location set, however it uses "default" during resource creation :/

Velero uses "default" by default, in other words, it uses that unless you specify a storage location name during backup creation. I see that your backup was created against a BSL named "default", but the cli shows you only have a BSL named "aws". If you edit the backupstoragelocations.velero.io/aws to backupstoragelocations.velero.io/default it would be a quick fix to this. Alternatively, when you run the backup create, pass the name of the aws BSL.

I'm still looking into how to keep ppl from running into this, might just be a documentation issue.
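The rule described in the comment above (a backup that names no storage location is validated against a BSL called "default") can be checked against a values file before installing. This is an added example, not part of the original thread or the chart's code; the function names are hypothetical and the sample values and backup objects are constructed from the shapes posted in this thread.

```python
import copy

DEFAULT_BSL = "default"  # fallback name, as described by the maintainer in this thread


def chart_bsl_name(values):
    """Name of the BSL the chart creates; an empty or missing name means "default"."""
    bsl = (values.get("configuration") or {}).get("backupStorageLocation") or {}
    return bsl.get("name") or DEFAULT_BSL


def lint_schedules(values, extra_bsls=()):
    """Return (schedule, referenced_bsl) for each schedule whose backups would
    fail validation because no BSL with that name will exist."""
    available = {chart_bsl_name(values), *extra_bsls}
    findings = []
    for name, sched in sorted((values.get("schedules") or {}).items()):
        template = (sched or {}).get("template") or {}
        wanted = template.get("storageLocation") or DEFAULT_BSL
        if wanted not in available:
            findings.append((name, wanted))
    return findings


def adhoc_backup_ok(values, extra_bsls=()):
    """True if `velero backup create NAME` without --storage-location finds its BSL."""
    return DEFAULT_BSL in {chart_bsl_name(values), *extra_bsls}


def backups_missing_bsl(backup_items, bsl_names):
    """Cluster-side check over the items of
    `kubectl get backups.velero.io -n velero -o json`: returns (backup, bsl)
    for Backups whose spec.storageLocation matches no existing BSL."""
    known = set(bsl_names)
    missing = []
    for item in backup_items:
        wanted = (item.get("spec") or {}).get("storageLocation") or DEFAULT_BSL
        if wanted not in known:
            missing.append((item["metadata"]["name"], wanted))
    return missing


# Constructed sample: BSL named "aws", schedules without storageLocation.
BROKEN_VALUES = {
    "configuration": {
        "provider": "aws",
        "backupStorageLocation": {"name": "aws", "bucket": "example-bucket"},
    },
    "schedules": {
        "aws-default": {"schedule": "0 0 * * *",
                        "template": {"ttl": "240h", "includedNamespaces": ["default"]}},
        "aws-others": {"schedule": "0 0 * * *",
                       "template": {"ttl": "240h", "excludedNamespaces": ["default"]}},
    },
}

# Same values with the schedule templates pointing at the BSL by name.
FIXED_VALUES = copy.deepcopy(BROKEN_VALUES)
for _sched in FIXED_VALUES["schedules"].values():
    _sched["template"]["storageLocation"] = "aws"

# Constructed Backup objects, reduced to the fields the check reads.
SAMPLE_BACKUPS = [
    {"metadata": {"name": "example-backup-1"},
     "spec": {"storageLocation": "default"},
     "status": {"phase": "FailedValidation"}},
    {"metadata": {"name": "example-backup-2"},
     "spec": {"storageLocation": "aws"},
     "status": {"phase": "Completed"}},
]

if __name__ == "__main__":
    for label, values in (("broken", BROKEN_VALUES), ("fixed", FIXED_VALUES)):
        print(label, "chart BSL:", chart_bsl_name(values))
        for sched, wanted in lint_schedules(values):
            print(f"  schedule {sched!r} references missing BSL {wanted!r}")
        print("  ad-hoc backup without --storage-location ok:", adhoc_backup_ok(values))
    print("backups pointing at a missing BSL:",
          backups_missing_bsl(SAMPLE_BACKUPS, ["aws"]))
```

A clean result only rules out the name mismatch; it says nothing about a BSL that exists but has not been validated by the server.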

carlisia commented 4 years ago

I myself just did the same thing, had a BSL named something other than "default" and created a backup w/o specifying what that BSL name was.

bclouser commented 4 years ago

oh heck yeah @carlisia! That certainly works, thank you soo much! I hadn't noticed that --storage-location param

For posterity, I ran this:

velero backup create bens-new-random-backup --storage-location aws

carlisia commented 4 years ago

Hahaha good! Don't beat yourself up, it is NOT intuitive!

We are going to change our CLI on v1.6 to make this easier to discover.

carlisia commented 4 years ago

Hey @ahmadhajali thanks for bringing this up to our attention. If you are still having trouble, please see this explanation:

https://github.com/vmware-tanzu/helm-charts/issues/102#issuecomment-663257541

I added a PR to fix the documentation: https://github.com/vmware-tanzu/helm-charts/pull/128.

sharkymcdongles commented 4 years ago

@carlisia is there a possibility of having an annotation to set a default BSL even if the name differs?

eduartua commented 4 years ago

Hey @bclouser how did you fix it? I have the same issue with GCP. Installed using latest helm. This is part of a backup:

spec:
  hooks: {}
  storageLocation: default
  ttl: 720h0m0s
  volumeSnapshotLocations:
  - gcp
status:
  expiration: "2020-09-27T00:25:42Z"
  formatVersion: 1.1.0
  phase: FailedValidation
  validationErrors:
  - 'a BackupStorageLocation CRD with the name specified in the backup spec needs
    to be created before this backup can be executed. Error: backupstoragelocation.velero.io

And this is the BSL created:

apiVersion: velero.io/v1
  kind: BackupStorageLocation
  metadata:
    annotations:
      helm.sh/hook: post-install,post-upgrade
      helm.sh/hook-delete-policy: before-hook-creation
    creationTimestamp: "2020-08-28T00:25:46Z"
    generation: 9
    labels:
      app.kubernetes.io/instance: velero
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: velero
      helm.sh/chart: velero-2.12.15
    name: gcp
    namespace: velero
    resourceVersion: "1061592"
    selfLink: /apis/velero.io/v1/namespaces/velero/backupstoragelocations/gcp
    uid: xxx
  spec:
    config:
      serviceAccount: SA@DOMAIN.iam.gserviceaccount.com
    objectStorage:
      bucket: xxx-backups
      prefix: velero
    provider: gcp
  status:
    lastSyncedTime: "2020-08-28T00:33:09.293000989Z"

Velero version v1.4.2 Helm chart 2.12.15

zencircle commented 4 years ago

I am having the same issue on v1.15.0, works fine on v1.14.2

zico-dev commented 4 years ago

Hey, I am facing a similar issue. Every time I try to install the chart (aws/s3), I get the below error, but the pod seems to be running fine:

ec2-user@ip-xx.xx.xx.xx velero]$ helm install velero vmware-tanzu/velero  --namespace velero -f values.yaml
coalesce.go:199: warning: destination for caCert is a table. Ignoring non-table value <nil>
Error: failed post-install: warning: Hook post-install velero/templates/backupstoragelocation.yaml failed: BackupStorageLocation.velero.io "aws" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"velero.io/v1", "kind":"BackupStorageLocation", "metadata":map[string]interface {}{"annotations":map[string]interface {}{"helm.sh/hook":"post-install,post-upgrade", "helm.sh/hook-delete-policy":"before-hook-creation"}, "creationTimestamp":"2020-09-15T15:18:03Z", "generation":1, "labels":map[string]interface {}{"app.kubernetes.io/instance":"velero", "app.kubernetes.io/managed-by":"Helm", "app.kubernetes.io/name":"velero", "helm.sh/chart":"velero-2.12.17"}, "name":"aws", "namespace":"velero", "uid":"xxx"}, "spec":map[string]interface {}{"objectStorage":map[string]interface {}{"bucket":"velero-test", "caCert":"map[format:<nil> type:<nil>]", "prefix":"eks-velero-backup"}, "provider":"aws"}}: validation failure list:
spec.objectStorage.caCert in body must be of type byte: "map[format:<nil> type:<nil>]"

Velero info:
[ec2-user@ip-xx.xx.xx.xx velero]$ velero version
Client:
        Version: v1.4.0
        Git commit: 5963650c9d64643daaf510ef93ac4a36b6483392
Server:
        Version: v1.4.0

vitobotta commented 4 years ago

I'm having the same issue. Even if I create the backup storage location manually with

velero backup-location create default -n velero --bucket backups --prefix velero --config region=eu-central-1,s3Url=https://s3.eu-central-1.wasabisys.com --provider aws

Velero complains with: backupstoragelocations.velero.io \"default\" not found. The backup storage location exists:

❯ k get backupstoragelocations.velero.io -A
NAMESPACE   NAME      AGE
velero      default   3m47s

What can I do? Thanks

DanOfir commented 4 years ago

Hi, I am also facing the same issue: Validation errors: a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: backupstoragelocation.velero.io "default" not found

But when looking at the installed CRDs and the original helm-chart CRD, I can find only a CRD with the name name: backupstoragelocations.velero.io (pay attention to the extra s, locations). Am I missing something?

~~using helm-chart version : 2.12.17 velero version: v1.4.2~~

This is not an issue; the next comment by @adamrushuk is what fixed it for me.

adamrushuk commented 4 years ago

Facing the same issue and solutions?

I've just had this error, and fixed it.

If you've specified a value for configuration.backupStorageLocation.name, ensure you specify the same name in schedules.<YOUR_SCHEDULE_NAME>.template.storageLocation

^ this is what fixed it for me; explicitly adding the storage location.

DanOfir commented 4 years ago

Hi,

so this is my configurations:

configuration:
  provider: aws
  backupStorageLocation:
    name: aws
    bucket: '${bucket}'
    caCert: null
    prefix: '${sub_folder}'
    config:
      region: '${region}'
schedules:
  backup-all:
    labels:
      key: "value"
    schedule: "*/2 * * * *"
    template:
      storageLocation: aws
      ttl: "180h"

and i receive this error:

validationErrors:
  - 'a BackupStorageLocation CRD with the name specified in the backup spec needs
    to be created before this backup can be executed. Error: backupstoragelocation.velero.io
    "aws" not found'

and storage location object exists: image

BTW, when running the backup manually (velero backup create test --storage-location aws) it works without any issues. Does someone know how to solve this?

tvvignesh commented 4 years ago

@carlisia Hi. I tried both default and a custom location as well and both didn't work for me. I removed the chart, deleted all the CRDs manually and tried installing again. Still the same issue.


I am using 1.5.1 and so, I had even added all the source needed from this PR: https://github.com/vmware-tanzu/helm-charts/pull/163 and still I have the same issue.

I can see the backup locations both via CRD and via CLI


And the backups created are stuck in progress:


and the bucket is empty.

This is what my chart looks like.

image:
  repository: velero/velero
  tag: v1.5.1
  # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. If used, it will
  # take precedence over the image.tag.
  # digest:
  pullPolicy: IfNotPresent
  # One or more secrets to be used when pulling images
  imagePullSecrets: []
  # - registrySecretName

initContainers:
  - name: velero-plugin-for-gcp
    image: velero/velero-plugin-for-gcp:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

# SecurityContext to use for the Velero deployment. Optional.
# Set fsGroup for `AWS IAM Roles for Service Accounts`
# see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
securityContext:
  fsGroup: 1337
  runAsUser: 1000

# Settings for Velero's prometheus metrics. Enabled by default.
metrics:
  enabled: true

  # Pod annotations for Prometheus
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8085"
    prometheus.io/path: "/metrics"

# Install CRDs as a templates. Enabled by default.
installCRDs: true

##
## End of deployment-related settings.
##

##
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: gcp

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.4/api-types/backupstoragelocation/
  backupStorageLocation:
    # name is the name of the backup storage location where backups should be stored. If a name is not provided,
    # a backup storage location will be created with the name "default". Optional.
    name: default
    # provider is the name for the backup storage location provider. If omitted
    # `configuration.provider` will be used instead.
    provider: gcp
    # bucket is the name of the bucket to store backups in. Required.
    bucket: ${BUCKET_NAME}
    # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider.
    caCert:
    # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
    prefix: "backups"
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
    #  region:
    #  s3ForcePathStyle:
    #  s3Url:
    #  kmsKeyId:
    #  resourceGroup:
    #  The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only)
    #  subscriptionId:
    #  storageAccount:
    #  publicUrl:
    #  Name of the GCP service account to use for this backup storage location. Specify the
    #  service account here if you want to use workload identity instead of providing the key file.(GCP only)
     serviceAccount: "velero-ops"

  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.4/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # name is the name of the volume snapshot location where snapshots are being taken. Required.
    name:
    # provider is the name for the volume snapshot provider. If omitted
    # `configuration.provider` will be used instead.
    provider: gcp
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
  #    region:
  #    apitimeout:
  #    resourceGroup:
  #    The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only)
  #    subscriptionId:
     snapshotLocation: asia-southeast1
  #    project:

  # These are server-level settings passed as CLI flags to the `velero server` command. Velero
  # uses default values if they're not passed in, so they only need to be explicitly specified
  # here if using a non-default value. The `velero server` default values are shown in the
  # comments below.
  # --------------------
  # `velero server` default: 1m
  backupSyncPeriod:
  # `velero server` default: 1h
  resticTimeout:
  # `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods
  restoreResourcePriorities:
  # `velero server` default: false
  restoreOnlyMode:

  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars: {}

  # Comma separated list of velero feature flags. default: empty
  features: "EnableCSI"

  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
  logLevel:

  # Set log-format for Velero pod. Default: text. Other option: json.
  logFormat:

##
## End of backup/snapshot location settings.
##

##
## Settings for additional Velero resources.
##

rbac:
  # Whether to create the Velero role and role binding to give all permissions to the namespace to Velero.
  create: true
  # Whether to create the cluster role binding to give administrator permissions to Velero
  clusterAdministrator: true

# Information about the Kubernetes service account Velero uses.
serviceAccount:
  server:
    create: true
    name:
    annotations:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used as the source of IAM account
  # credentials. Set to false if, for example, using kube2iam or
  # kiam to provide IAM credentials for the Velero pod.
  useSecret: true
  # Name of a pre-existing secret (if any) in the Velero namespace
  # that should be used to get IAM account credentials. Optional.
  existingSecret:
  # Data to be stored in the Velero secret, if `useSecret` is
  # true and `existingSecret` is empty. This should be the contents
  # of your IAM credentials file.
  secretContents: {}
  # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
  extraEnvVars: {}

# Whether to create backupstoragelocation crd, if false => do not create a default backup location
backupsEnabled: true
# Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
snapshotsEnabled: true

# Whether to deploy the restic daemonset.
deployRestic: false

restic:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  # Pod priority class name to use for the Restic daemonset. Optional.
  priorityClassName: {}
  # Resource requests/limits to specify for the Restic daemonset deployment. Optional.
  resources: {}
  # Tolerations to use for the Restic daemonset. Optional.
  tolerations: []

  # Extra volumes for the Restic daemonset. Optional.
  extraVolumes: []

  # Extra volumeMounts for the Restic daemonset. Optional.
  extraVolumeMounts: []

  # SecurityContext to use for the Velero deployment. Optional.
  # Set fsGroup for `AWS IAM Roles for Service Accounts`
  # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
  securityContext: {}
    # fsGroup: 1337

# Backup schedules to create.
# Eg:
schedules:
  cluster-backup:
    schedule: "0 7 * * *"
    template:
      ttl: "240h"
      storageLocation: default
      snapshotVolumes: true
      includedNamespaces:
       - '*'
      includedResources:
       - '*'

# Velero ConfigMaps.
# Eg:
# configMaps:
#   restic-restore-action-config:
#     labels:
#       velero.io/plugin-config: ""
#       velero.io/restic: RestoreItemAction
#     data:
#       image: velero/velero-restic-restore-helper:v1.3.1
configMaps: {}

##
## End of additional Velero resource settings.
##

angelbulas commented 4 years ago

Just in case someone still have issues with BackupStorageLocation CRD, I just wipe out my chart and remove manually all this creds because when you uninstall the chart does not remove them:

backups.velero.io
backupstoragelocations.velero.io
deletebackuprequests.velero.io
downloadrequests.velero.io
podvolumebackups.velero.io
podvolumerestores.velero.io
resticrepositories.velero.io
restores.velero.io
schedules.velero.io
serverstatusrequests.velero.io
volumesnapshotlocations.velero.io

After that i just reinstall (I'm using helm chart 2.13.3 and velero v1.4.2 because im on azure) and everything worked as expected.

jenting commented 4 years ago

Just in case someone still have issues with BackupStorageLocation CRD, I just wipe out my chart and remove manually all this creds because when you uninstall the chart does not remove them:

backups.velero.io

backupstoragelocations.velero.io

deletebackuprequests.velero.io

downloadrequests.velero.io

podvolumebackups.velero.io

podvolumerestores.velero.io

resticrepositories.velero.io

restores.velero.io

schedules.velero.io

serverstatusrequests.velero.io

volumesnapshotlocations.velero.io

After that i just reinstall (I'm using helm chart 2.13.3 and velero v1.4.2 because im on azure) and everything worked as expected.

Thanks, it gives me the hint and I remember that helm did not perform upgrade CRDs during helm upgrade.

sharaddumoliya commented 3 years ago

I am also getting error: Validation errors: a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: BackupStorageLocation.velero.io "default" not found

But I can see crds:

[ec2-user@bastion ~]$ velero backup-location get
NAME      PROVIDER   BUCKET/PREFIX         ACCESS MODE
aws       aws        velero-msra-backups   ReadWrite
default   aws        velero-msra-backups   ReadWrite

[ec2-user@bastion ~]$ kc get BackupStorageLocation -A
NAMESPACE   NAME      AGE
velero      aws       55m
velero      default   10m

jenting commented 3 years ago

I am also getting error:

Validation errors: a BackupStorageLocation CRD with the name specified in the backup spec needs to be created before this backup can be executed. Error: BackupStorageLocation.velero.io "default" not found

But I can see crds:

[ec2-user@bastion ~]$ velero backup-location get

NAME PROVIDER BUCKET/PREFIX ACCESS MODE

aws aws velero-msra-backups ReadWrite

default aws velero-msra-backups ReadWrite

[ec2-user@bastion ~]$ kc get BackupStorageLocation -A

NAMESPACE NAME AGE

velero aws 55m

velero default 10m

Are you using GitOps tool like ArgoCD or Flux?

carlisia commented 3 years ago

Hey everyone. There's a lot of chatter in this issue. I'm going to give a general troubleshooting solution.

Assuming you have v1.5.

Update your Velero CRDs: velero install --crds-only --dry-run -o yaml | kubectl apply -f -

After this, create or recreate your BSL. Do velero get backup-locations. If in the PHASE column you see that the BSL is marked as Available, then all is good. Otherwise, the Velero log will tell you why your BSL failed to be validated. Until the BSL is marked as Available, backups won't be able to be created.

carlisia commented 3 years ago

For anyone having issues with "default" BSL, please see this explanation of what Velero expects: https://github.com/vmware-tanzu/helm-charts/issues/102#issuecomment-663257541.

Ad-squareops commented 1 year ago

Can anyone help me? I am getting the below error while creating a backup from velero: Phase: FailedValidation

Validation errors: provider aws has more than one possible volume snapshot location, and none were specified explicitly or as a default

The helm chart values I am using are below:
##
## Configuration settings that directly affect the Velero deployment YAML.
##

# Details of the container image to use in the Velero deployment & daemonset (if
# enabling node-agent). Required.
image:
  repository: velero/velero
  tag: v1.10.0
  # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38.
  # If used, it will take precedence over the image.tag.
  # digest:
  pullPolicy: IfNotPresent
  # One or more secrets to be used when pulling images
  imagePullSecrets: []
  # - registrySecretName

# Annotations to add to the Velero deployment's. Optional.
#
# If you are using reloader use the following annotation with your VELERO_SECRET_NAME
annotations: {}
# secret.reloader.stakater.com/reload: "<VELERO_SECRET_NAME>"

# Labels to add to the Velero deployment's. Optional.
labels: {}

# Annotations to add to the Velero deployment's pod template. Optional.
#
# If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID
# and VELERO_ROLE_NAME filled in:
podAnnotations: 
    iam.amazonaws.com/role: "arn:aws:iam::xxxx:xxx/xxxxxxx"

# Additional pod labels for Velero deployment's template. Optional
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}

# Resource requests/limits to specify for the Velero deployment.
# https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
resources:
  requests:
    cpu: 500m
    memory: 128Mi
  limits:
    cpu: 1000m
    memory: 512Mi

# Configure the dnsPolicy of the Velero deployment
# See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst

# Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required.
# If the value is a string then it is evaluated as a template.
initContainers:
   - name: velero-plugin-for-aws
     image: velero/velero-plugin-for-aws:latest
     imagePullPolicy: IfNotPresent
     volumeMounts:
       - mountPath: /target
         name: plugins
  # - name: velero-plugin-for-aws
  #   image: velero/velero-plugin-for-aws:v1.5.2
  #   imagePullPolicy: IfNotPresent
  #   volumeMounts:
  #     - mountPath: /target
  #       name: plugins

# SecurityContext to use for the Velero deployment. Optional.
# Set fsGroup for `AWS IAM Roles for Service Accounts`
# see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
podSecurityContext: 
   #fsGroup: 1337

# Container Level Security Context for the 'velero' container of the Velero deployment. Optional.
# See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {}
  # allowPrivilegeEscalation: false
  # capabilities:
  #   drop: ["ALL"]
  #   add: []
  # readOnlyRootFilesystem: true

# Container Lifecycle Hooks to use for the Velero deployment. Optional.
lifecycle: {}

# Pod priority class name to use for the Velero deployment. Optional.
priorityClassName: ""

# The number of seconds to allow for graceful termination of the pod. Optional.
terminationGracePeriodSeconds: 3600

# Tolerations to use for the Velero deployment. Optional.
tolerations: []

# Affinity to use for the Velero deployment. Optional.
affinity: {}

# Node selector to use for the Velero deployment. Optional.
nodeSelector: {}

# DNS configuration to use for the Velero deployment. Optional.
dnsConfig: {}

# Extra volumes for the Velero deployment. Optional.
extraVolumes: []

# Extra volumeMounts for the Velero deployment. Optional.
extraVolumeMounts: []

# Extra K8s manifests to deploy
extraObjects: []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
  #   metadata:
  #     name: velero-secrets-store
  #   spec:
  #     provider: aws
  #     parameters:
  #       objects: |
  #         - objectName: "velero"
  #           objectType: "secretsmanager"
  #           jmesPath:
  #               - path: "access_key"
  #                 objectAlias: "access_key"
  #               - path: "secret_key"
  #                 objectAlias: "secret_key"
  #     secretObjects:
  #       - data:
  #         - key: access_key
  #           objectName: client-id
  #         - key: client-secret
  #           objectName: client-secret
  #         secretName: velero-secrets-store
  #         type: Opaque

# Settings for Velero's prometheus metrics. Enabled by default.
metrics:
  enabled: true
  scrapeInterval: 30s
  scrapeTimeout: 10s

  # service metdata if metrics are enabled
  service:
    annotations: {}
    labels: {}

  # Pod annotations for Prometheus
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "8085"
    prometheus.io/path: "/metrics"

  serviceMonitor:
    autodetect: true
    enabled: false
    annotations: {}
    additionalLabels: {}
    # ServiceMonitor namespace. Default to Velero namespace.
    # namespace:
    # ServiceMonitor connection scheme. Defaults to HTTP.
    # scheme: ""
    # ServiceMonitor connection tlsConfig. Defaults to {}.
    # tlsConfig: {}

  prometheusRule:
    enabled: false
    # Additional labels to add to deployed PrometheusRule
    additionalLabels: {}
    # PrometheusRule namespace. Defaults to Velero namespace.
    # namespace: ""
    # Rules to be deployed
    spec: []
    # - alert: VeleroBackupPartialFailures
    #   annotations:
    #     message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups.
    #   expr: |-
    #     velero_backup_partial_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25
    #   for: 15m
    #   labels:
    #     severity: warning
    # - alert: VeleroBackupFailures
    #   annotations:
    #     message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} failed backups.
    #   expr: |-
    #     velero_backup_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25
    #   for: 15m
    #   labels:
    #     severity: warning

kubectl:
  image:
    repository: docker.io/bitnami/kubectl
    # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38.
    # If used, it will take precedence over the kubectl.image.tag.
    # digest:
    # kubectl image tag. If used, it will take precedence over the cluster Kubernetes version.
    # tag: 1.16.15
  # Container Level Security Context for the 'kubectl' container of the crd jobs. Optional.
  # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext: {}
  # Resource requests/limits to specify for the upgrade/cleanup job. Optional
  resources: {}
  # Annotations to set for the upgrade/cleanup job. Optional.
  annotations: {}
  # Labels to set for the upgrade/cleanup job. Optional.
  labels: {}

# This job upgrades the CRDs.
upgradeCRDs: true

# This job is meant primarily for cleaning up CRDs on CI systems.
# Using this on production systems, especially those that have multiple releases of Velero, will be destructive.
cleanUpCRDs: false

##
## End of deployment-related settings.
##

##
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: aws

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.6/api-types/backupstoragelocation/
  backupStorageLocation:
    # name is the name of the backup storage location where backups should be stored. If a name is not provided,
    # a backup storage location will be created with the name "default". Optional.
    name: <bucket name>
    # provider is the name for the backup storage location provider. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # bucket is the name of the bucket to store backups in. Required.
    bucket: <bucket name>
    # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional.
    caCert:
    # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
    prefix:
    # default indicates this location is the default backup storage location. Optional.
    default:
    # accessMode determines if velero can write to this backup storage location. Optional.
    # default to ReadWrite, ReadOnly is used during migrations and restores.
    accessMode: ReadWrite
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config: 
      region: us-west-2
    #  s3ForcePathStyle:
    #  s3Url:
    #  kmsKeyId:
    #  resourceGroup:
    #  The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only)
    #  subscriptionId:
    #  storageAccount:
    #  publicUrl:
    #  Name of the GCP service account to use for this backup storage location. Specify the
    #  service account here if you want to use workload identity instead of providing the key file. (GCP only)
    #  serviceAccount:
    #  Whether to skip TLS certificate validation. If insecureSkipTLSVerify is set to true, the client side must set the
    #  flag as well: Velero client commands such as `velero backup describe` and `velero backup logs` need the --insecure-skip-tls-verify flag.
    #  insecureSkipTLSVerify:

  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # name is the name of the volume snapshot location where snapshots are being taken. Required.
    name: 
    # provider is the name for the volume snapshot provider. If omitted
    # `configuration.provider` will be used instead.
    provider: 
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config: {}
  #    region: us-west-2
  #    apiTimeout:
  #    resourceGroup:
  #    The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup` to be set. (Azure only)
  #    subscriptionId:
  #    incremental:
  #    snapshotLocation: adi-tets
  #    project:

  # These are server-level settings passed as CLI flags to the `velero server` command. Velero
  # uses default values if they're not passed in, so they only need to be explicitly specified
  # here if using a non-default value. The `velero server` default values are shown in the
  # comments below.
  # --------------------
  # `velero server` default: restic
  uploaderType:
  # `velero server` default: 1m
  backupSyncPeriod:
  # `velero server` default: 4h
  fsBackupTimeout:
  # `velero server` default: 30
  clientBurst:
  # `velero server` default: 500
  clientPageSize:
  # `velero server` default: 20.0
  clientQPS:
  # Name of the default backup storage location. Default: default
  defaultBackupStorageLocation: 
  # How long to wait by default before backups can be garbage collected. Default: 72h
  defaultBackupTTL:
  # Name of the default volume snapshot location.
  defaultVolumeSnapshotLocations: 
  # `velero server` default: empty
  disableControllers:
  # `velero server` default: 1h
  garbageCollectionFrequency:
  # Set log-format for Velero pod. Default: text. Other option: json.
  logFormat:
  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
  logLevel:
  # The address to expose prometheus metrics. Default: :8085
  metricsAddress:
  # Directory containing Velero plugins. Default: /plugins
  pluginDir:
  # The address to expose the pprof profiler. Default: localhost:6060
  profilerAddress:
  # `velero server` default: false
  restoreOnlyMode:
  # `velero server` default: customresourcedefinitions,namespaces,storageclasses,volumesnapshotclass.snapshot.storage.k8s.io,volumesnapshotcontents.snapshot.storage.k8s.io,volumesnapshots.snapshot.storage.k8s.io,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods,replicasets.apps,clusterclasses.cluster.x-k8s.io,clusters.cluster.x-k8s.io,clusterresourcesets.addons.cluster.x-k8s.io
  restoreResourcePriorities:
  # `velero server` default: 1m
  storeValidationFrequency:
  # How long to wait on persistent volumes and namespaces to terminate during a restore before timing out. Default: 10m
  terminatingResourceTimeout:
  # Comma separated list of velero feature flags. default: empty
  # features: EnableCSI
  features:
  # `velero server` default: velero
  namespace:

  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars: {}

  # Set to true to back up all pod volumes without having to annotate the pod when using file system backup. Default: false.
  defaultVolumesToFsBackup:

  # How often repository maintenance is run for repositories by default.
  defaultRepoMaintainFrequency:

##
## End of backup/snapshot location settings.
##

##
## Settings for additional Velero resources.
##

rbac:
  # Whether to create the Velero role and role binding to give all permissions to the namespace to Velero.
  create: true
  # Whether to create the cluster role binding to give administrator permissions to Velero
  clusterAdministrator: true
  # Name of the ClusterRole.
  clusterAdministratorName: cluster-admin

# Information about the Kubernetes service account Velero uses.
serviceAccount:
  server:
    create: true
    name:
    annotations:
    labels:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used. Set to false if, for example:
  # - using kube2iam or kiam to provide AWS IAM credentials instead of providing the key file. (AWS only)
  # - using workload identity instead of providing the key file. (GCP only)
  useSecret: true
  # Name of the secret to create if `useSecret` is true and `existingSecret` is empty
  name:
  # Name of a pre-existing secret (if any) in the Velero namespace
  # that should be used to get IAM account credentials. Optional.
  existingSecret:
  # Data to be stored in the Velero secret, if `useSecret` is true and `existingSecret` is empty.
  # As of the current Velero release, Velero only uses one secret key/value at a time.
  # The key must be named `cloud`, and the value corresponds to the entire content of your IAM credentials file.
  # Note that the format will be different for different providers, please check their documentation.
  # Here is a list of documentation for plugins maintained by the Velero team:
  # [AWS] https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/README.md
  # [GCP] https://github.com/vmware-tanzu/velero-plugin-for-gcp/blob/main/README.md
  # [Azure] https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/README.md
  secretContents: 
    cloud: |
      [default]
      aws_access_key_id=xxxxxxxxxxxxxxxxxxxxxxxxxxx
      aws_secret_access_key=xxxxxxxxxxxxxxxxxxxxxxxxxx
  # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
  extraEnvVars: {}
  # Name of a pre-existing secret (if any) in the Velero namespace
  # that will be used to load environment variables into velero and node-agent.
  # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables
  extraSecretRef: ""

# Whether to create backupstoragelocation crd, if false => do not create a default backup location
backupsEnabled: true
# Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
snapshotsEnabled: true

# Whether to deploy the node-agent daemonset.
deployNodeAgent: false

nodeAgent:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  # Pod priority class name to use for the node-agent daemonset. Optional.
  priorityClassName: ""
  # Resource requests/limits to specify for the node-agent daemonset deployment. Optional.
  # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1024Mi

  # Tolerations to use for the node-agent daemonset. Optional.
  tolerations: []

  # Annotations to set for the node-agent daemonset. Optional.
  annotations: {}

  # labels to set for the node-agent daemonset. Optional.
  labels: {}

  # will map /scratch to emptyDir. Set to false and specify your own volume
  # via extraVolumes and extraVolumeMounts that maps to /scratch
  # if you don't want to use emptyDir.
  useScratchEmptyDir: true

  # Extra volumes for the node-agent daemonset. Optional.
  extraVolumes: []

  # Extra volumeMounts for the node-agent daemonset. Optional.
  extraVolumeMounts: []

  # Key/value pairs to be used as environment variables for the node-agent daemonset. Optional.
  extraEnvVars: {}

  # Configure the dnsPolicy of the node-agent daemonset
  # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
  dnsPolicy: ClusterFirst

  # SecurityContext to use for the Velero deployment. Optional.
  # Set fsGroup for `AWS IAM Roles for Service Accounts`
  # See more information at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
  podSecurityContext:
    runAsUser: 0
    #fsGroup: 1337

  # Container Level Security Context for the 'node-agent' container of the node-agent daemonset. Optional.
  # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext: {}

  # Container Lifecycle Hooks to use for the node-agent daemonset. Optional.
  lifecycle: {}

  # Node selector to use for the node-agent daemonset. Optional.
  nodeSelector: {}

  # Affinity to use with node-agent daemonset. Optional.
  affinity: {}

  # DNS configuration to use for the node-agent daemonset. Optional.
  dnsConfig: {}

# Backup schedules to create.
# Eg:
# schedules:
#   mybackup:
#     disabled: false
#     labels:
#       myenv: foo
#     annotations:
#       myenv: foo
#     schedule: "0 0 * * *"
#     useOwnerReferencesInBackup: false
#     template:
#       ttl: "240h"
#       includedNamespaces:
#       - foo
schedules: {}

# Velero ConfigMaps.
# Eg:
# configMaps:
#   fs-restore-action-config:
#     labels:
#       velero.io/plugin-config: ""
#       velero.io/pod-volume-restore: RestoreItemAction
#     data:
#       image: velero/velero-restore-helper:v1.10.0
configMaps: {}

##
## End of additional Velero resource settings.
##