Strategy in Velero for bucket creation in minio

vmware-tanzu / velero

Backup and migrate Kubernetes applications and their persistent volumes

https://velero.io

Apache License 2.0

8.77k stars 1.41k forks source link

Strategy in Velero for bucket creation in minio #6319

Open VinayVamsi143 opened 1 year ago

VinayVamsi143 commented 1 year ago

When a PUT request is sent with an incorrect or non-existent bucket name to the velero, Velero automatically creates a bucket name in a Minio S3 location and makes it accessible.

Expected: Velero shouldn't make a bucket in the Minio, as expected. veleor should make BSL unavailable for valid S3 locations. Actual: Velero is creating a bucket in minio if bucket is not existing and making it available for valid S3 locations

Velero verison used: V1.11.1 K8s verison:1.24.4

qiuming-best commented 1 year ago

Velero wouldn't create a bucket automatically, Is the bucket you created before?

VinayVamsi143 commented 1 year ago

Actually, the bucket was not created; rather, I just provided a name for a non-existent bucket in the backup storage location configuration. A minute or so later, the same-named bucket is created automatically by velero, and the velero service will use it.

qiuming-best commented 1 year ago

could you show me the details of your Velero installation? the plugins used by Velero and the environment @VinayVamsi143

VinayVamsi143 commented 1 year ago

We were facing this issue with the only latest version of Velero v1.11.0 and it is getting installed as a helm chart in k8s 1.24.* version on SLES OS 15. we have not encountered these issues with earlier versions of velero such as v1.10.2.

Plugins Used: initContainers:

image: velero-plugin-for-aws:v1.7.0 imagePullPolicy: IfNotPresent name: velero-plugin-for-aws resources: {} volumeMounts:
- mountPath: /target name: plugins configuration: provider: aws backupStorageLocation: bucket: velero volumeSnapshotLocation: name: velero backupsEnabled: false snapshotsEnabled: false

VinayVamsi143 commented 1 year ago

apiVersion: velero.io/v1 kind: BackupStorageLocation metadata: name: default namespace: test-ns spec: accessMode: ReadWrite config: profile: default region: local s3ForcePathStyle: "true" s3Url: https:// default: true objectStorage: bucket: non-existing prefix: test provider: aws

qiuming-best commented 1 year ago

@VinayVamsi143 I've tried Velero 1.11.0 and velero-plugin-for-aws:v1.7.0, when I'm using one not exist bucket, the BLS status will be Unavailable.

could you open the debug log of Velero pod and provide me with the logs for debugging?

VinayVamsi143 commented 1 year ago

bsl-issue.txt Hello - i have added the log file, please validate logs

VinayVamsi143 commented 1 year ago

did we find anything on the issue?

qiuming-best commented 1 year ago

@VinayVamsi143 It's a bug indeed. We will set the Phase of BSL to be Unavailable, but the bucket it's still be created. we'll try to fix it

VinayVamsi143 commented 1 year ago

Please do confirm once issue is fixed, thanks.