search

vmware-tanzu / velero

Backup and migrate Kubernetes applications and their persistent volumes
https://velero.io
Apache License 2.0
8.4k stars 1.37k forks source link

v1.14.0 Scheduled backup fails if namespace doesn't exist #7928

Open phoenix-bjoern opened 3 days ago

phoenix-bjoern commented 3 days ago

What steps did you take and what happened: Create a schedule and include a non-existing namespace:

apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: daily-application-backup
  namespace: velero
  annotations:
  labels:
    app.kubernetes.io/name: velero
    app.kubernetes.io/instance: velero
spec:
  useOwnerReferencesInBackup: false
  schedule: "0 0 * * *"
  template:
    csiSnapshotTimeout: 14400s
    hooks: {}
    includeClusterResources: false
    includedNamespaces:
    - my-namespace
    - a-non-existing-namespace
    itemOperationTimeout: 0s
    metadata: {}
    ttl: 720h

What did you expect to happen:

Velero before v1.14.0 executed the backup without complaint. Velero v1.14.0 stops the scheduled backup instantly and sets the status FailedValidation instead of executing the backup and e.g. setting the PartiallyFailed status. This new behavior is dangerous (or even critical?) as scheduled backups become fragile and stop working as soon as a defined namespace doesn't exist anymore.

phoenix-bjoern commented 3 days ago

It seems the behavior was changed in https://github.com/vmware-tanzu/velero/issues/7431 by @ywk253100. While I agree that there should be some failure reporting if "--include-namespaces" references namespaces which do not exist, I don't agree that scheduled backups should be skipped entirely.

This behavior is dangerous as the backup could be skipped without being recognized. IMHO the backup should be executed and the status should become PartiallyFailed instead. This will backup existing items and report that some items (like the namespaces which have been declared to be backed up) were missing.

kaovilai commented 3 days ago

Ignoring this being in a schedule, has velero ever claimed that includedNamespaces can include namespaces that do not exists?

If we ever implement wildcard/regex for namespaces to include https://github.com/vmware-tanzu/velero/issues/1874 then perhaps you could define that regex which I would expect would not fail a backup if no namespace exists.

blackpiglet commented 3 days ago

@kaovilai Velero doesn't support the wildcard or regular expression in the namespace filter parameters.

@phoenix-bjoern There are some issues similar to this topic, and some requests fail the backup on nonexisting namespaces, and some requests are identical to yours.

kaovilai commented 3 days ago

@kaovilai Velero doesn't support the wildcard or regular expression in the namespace filter parameters.

Right, referring to potential future implementation. 🤞