Velero vSphere Operator namespace suffix is not unique in linked vCenter environment

[dancsoj]

Describe the bug

We have 2 vCenters in linked mode, both has 1-1 cluster with Tanzu enabled. The Velero vSphere Operator namespace will have the same name in both vCenters(svc-velero-vsphere-domain-c1006), however the suffix should be unique by the VMware documentation: https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-E7D7E987-2686-4458-BE9E-81A8D79D7859.html

To Reproduce

The namespaces have the same name everytime I re-install it. I tried to install by logging in the other vCenter of the linked vCenters, but the result is the same.

Expected behavior

The names should be unique by the mentioned documentation

Troubleshooting Information

vCenter version: 7.0.3 20395099 Supervisor version: v1.22.6+vmware.1-vsc0.0.17-20026652 Velero vSphere Operator version: 1.2.0

Screenshots

Anything else you would like to add:

[YuxinZhou]

Hi, thank you for opening the issue. The service namespace is named svc-[servive-id]-[cluster-id] and is unique per VC. The document says "verify that you see a new namespace named svc-velero-vsphere-domain-xxx, where xxx is a unique alphanumeric token." - This is wrong. "domain-xxx" as a whole is the cluster-MoID, not a domain + token. I'll ask the doc team to update it.

I am curious - do the 2 services work as expected despite their namespaces being the same? I don't think we've verified the service on vCenters in linked mode, not sure if this could be a problem.

[xinyanw409]

Thanks Yuxin for the comment.

Hi @dancsoj I find this document for linked mode https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-5809FB05-508B-492A-B9C8-9F292B01519D.html, it says "You can migrate a vCenter Server from an existing domain to an another existing domain with or without replication. The migrated vCenter Server moves from its current Single Sign-On domain and joins the other existing domain as another vCenter Server connected via enhanced linked mode." What I understand is that in your environment the two vCenters in linked mode are under the same Single SSO domain (please correct me if this is wrong), so maybe that's why "domain-xxx" are the same, but need to verify with Beddazle team how the namespace is created.

[dancsoj]

Hi,

Thank you for the clarification! I don’t think the linked mode will be an issue.

From: Yuxin Zhou @.> Sent: Tuesday, December 13, 2022 2:21 AM To: vmware-tanzu/velero-plugin-for-vsphere @.> Cc: Dancsó János @.>; Author @.> Subject: Re: [vmware-tanzu/velero-plugin-for-vsphere] Velero vSphere Operator namespace suffix is not unique in linked vCenter environment (Issue #506)

Hi, thank you for opening the issue. The service namespace is named "svc-- " and is unique per VC. The document says "verify that you see a new namespace named svc-velero-vsphere-domain-xxx, where xxx is a unique alphanumeric token." - This is wrong. "domain-xxx" is the cluster-ID, not a token. I'll ask the doc team to update it.

I am curious - do the 2 services work as expected despite their namespaces being the same? I don't think we've verified the service on vCenters in linked mode, not sure if this could be a problem.

— Reply to this email directly, view it on GitHubhttps://github.com/vmware-tanzu/velero-plugin-for-vsphere/issues/506#issuecomment-1347612332, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AN5ONECU7VTGUNHWEMIGBZDWM7FRTANCNFSM6AAAAAASW7FW5I. You are receiving this because you authored the thread.Message ID: @.**@.>>

---

Figyelmeztetés Ez az e-mail üzenet, a fenti címzetteknek szánt, üzleti titoktartás alá eső bizalmas információkat tartalmaz. Téves kézbesítés esetén kérjük, értesítsen a fent megjelölt telefon, fax számokon, vagy e-mail címen. Az eredeti példány visszaküldéséről címünkre, majd törléséről, azonnal rendelkezni szíveskedjen.

Notice: This e-mail contains privileged and confidential business information intended only for the use of addresses(s) named above. Should you have received it in error, please notify us by phone or e-mail, and delete after returning the original e-mail to our address.

[dancsoj]

Hi,

Yes, they are in the same SSO domian and first vCenter’s unique ID is 6, so it also suspicious.

From: Xinyan Wu @.> Sent: Tuesday, December 13, 2022 3:18 AM To: vmware-tanzu/velero-plugin-for-vsphere @.> Cc: Dancsó János @.>; Mention @.> Subject: Re: [vmware-tanzu/velero-plugin-for-vsphere] Velero vSphere Operator namespace suffix is not unique in linked vCenter environment (Issue #506)

Thanks Yuxin for the comment.

Hi @dancsojhttps://github.com/dancsoj I find this document for linked mode https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-5809FB05-508B-492A-B9C8-9F292B01519D.html, it says "You can migrate a vCenter Server from an existing domain to an another existing domain with or without replication. The migrated vCenter Server moves from its current Single Sign-On domain and joins the other existing domain as another vCenter Server connected via enhanced linked mode." What I understand is that in your environment the two vCenters in linked mode are under the same Single SSO domain (please correct me if this is wrong), so maybe that's why "domain-xxx" are the same, but need to verify with Beddazle team how the namespace is created.

— Reply to this email directly, view it on GitHubhttps://github.com/vmware-tanzu/velero-plugin-for-vsphere/issues/506#issuecomment-1347652999, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AN5ONEA4XBL5GSDMUVUNTZLWM7ME3ANCNFSM6AAAAAASW7FW5I. You are receiving this because you were mentioned.Message ID: @.**@.>>

---

Figyelmeztetés Ez az e-mail üzenet, a fenti címzetteknek szánt, üzleti titoktartás alá eső bizalmas információkat tartalmaz. Téves kézbesítés esetén kérjük, értesítsen a fent megjelölt telefon, fax számokon, vagy e-mail címen. Az eredeti példány visszaküldéséről címünkre, majd törléséről, azonnal rendelkezni szíveskedjen.

Notice: This e-mail contains privileged and confidential business information intended only for the use of addresses(s) named above. Should you have received it in error, please notify us by phone or e-mail, and delete after returning the original e-mail to our address.