  1. OpenShift API for Data Protection
  2. OADP-155

Azure: registry pod crashes in CrashLoopBackOff when not specifying storageAccountKeyEnvVar while using service-principal authentication


    • Bug
    • Resolution: Done
    • OADP 1.0.0
    • Passed
    • Untriaged

      Problem description: When using the azure plugin, the DPA instance always expects storageAccountKeyEnvVar and AZURE_STORAGE_ACCOUNT_ACCESS_KEY to be defined, even when using an authentication method which does not require storageAccountKeyEnvVar (e.g., service-principal).

      If storageAccountKeyEnvVar is not set, the registry pod crashes with CrashLoopBackOff.

      Expected results: The DPA instance should not expect storageAccountKeyEnvVar and/or AZURE_STORAGE_ACCOUNT_ACCESS_KEY when using an authentication method which does not require a storage account access key.

      See: https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure#install-and-start-velero

       

      Observed results:

      $ oc get dpa -n openshift-adp -o yaml
      apiVersion: v1
      items:
      - apiVersion: oadp.openshift.io/v1alpha1
        kind: DataProtectionApplication
        metadata:
          creationTimestamp: "2021-12-05T15:17:58Z"
          generation: 1
          name: example-velero
          namespace: openshift-adp
          resourceVersion: "172784"
          uid: a5df53ed-f29d-46f0-ac2f-db8a45a29a5b
        spec:
          backupLocations:
          - velero:
              config:
                resourceGroup: mayap-oadp1112-rcgcj-rg
                storageAccount: velerobackupsmaya1
                storageAccountKeyEnvVar: "" <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
                subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
              credential:
                key: cloud
                name: cloud-credentials-azure
              default: true
              objectStorage:
                bucket: veleromayap
                prefix: velero
              provider: azure
          configuration:
            restic:
              enable: true
            velero:
              defaultPlugins:
              - openshift
              - csi
              - azure
          snapshotLocations:
          - velero:
              config:
                resourceGroup: mayap-oadp1112-rcgcj-rg
                subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
              provider: azure
        status:
          conditions:
          - lastTransitionTime: "2021-12-05T15:17:58Z"
            message: Reconcile complete
            reason: Complete
            status: "True"
            type: Reconciled
      kind: List
      metadata:
        resourceVersion: ""
        selfLink: ""
       
      $ oc get pods -n openshift-adp 
      NAME                                                    READY   STATUS             RESTARTS      AGE
      oadp-example-velero-1-azure-registry-75c7f6675d-zw2zd   0/1     CrashLoopBackOff   7 (71s ago)   12m
      openshift-adp-controller-manager-d79f5fcd6-6p669        2/2     Running            0             167m
      restic-2l4mw                                            1/1     Running            0             12m
      restic-jvbds                                            1/1     Running            0             12m
      restic-l6clb                                            1/1     Running            0             12m
      restic-vrbww                                            1/1     Running            0             12m
      restic-x6pcv                                            1/1     Running            0             12m
      velero-6869887d48-bclzr                                 1/1     Running            0             12m
       

      The same happens when using an empty value for AZURE_STORAGE_ACCOUNT_ACCESS_KEY inside the credentials file:

      $ cat credentials-velero | grep AZURE_STORAGE_ACCOUNT_ACCESS_KEY
      AZURE_STORAGE_ACCOUNT_ACCESS_KEY="" 

       

      If storageAccountKeyEnvVar is not specified on DPA CR:

      apiVersion: v1
      items:
      - apiVersion: oadp.openshift.io/v1alpha1
        kind: DataProtectionApplication
        metadata:
          creationTimestamp: "2021-12-05T15:32:58Z"
          generation: 1
          name: example-velero
          namespace: openshift-adp
          resourceVersion: "181516"
          uid: 88890f84-e7ae-47f7-a631-7e932fb93fc1
        spec:
          backupLocations:
          - velero:
              config:
                resourceGroup: mayap-oadp1112-rcgcj-rg
                storageAccount: velerobackupsmaya1
                subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
              credential:
                key: cloud
                name: cloud-credentials-azure
              default: true
              objectStorage:
                bucket: veleromayap
                prefix: velero
              provider: azure
          configuration:
            restic:
              enable: true
            velero:
              defaultPlugins:
              - openshift
              - csi
              - azure
          snapshotLocations:
          - velero:
              config:
                resourceGroup: mayap-oadp1112-rcgcj-rg
                subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
              provider: azure
        status:
          conditions:
          - lastTransitionTime: "2021-12-05T15:32:58Z"
            message: error finding storage key for the supplied Azure credential
            reason: Error
            status: "False"
            type: Reconciled
      kind: List
      metadata:
        resourceVersion: ""
        selfLink: ""
       

       

      Version: oadp-operator-bundle-container-0.5.0-4

       

            sraghuna@redhat.com Savitha Raghunathan
            mperetz@redhat.com Maya Peretz
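
The behaviour requested under "Expected results", sketched in Go as an added example (not the OADP operator's code or its fix): the storage account key is required only when storageAccountKeyEnvVar names a variable, otherwise the secret is validated as a service-principal credential. The function names `parseEnvFile` and `azureAuthMode` are hypothetical, the service-principal variable names are the ones documented in the Velero Azure plugin README linked above, and the sample secret is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// parseEnvFile reads KEY=VALUE lines from a Velero-style credentials file,
// stripping optional quotes; blank lines, comments and malformed lines are skipped.
func parseEnvFile(content string) map[string]string {
	env := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		i := strings.IndexByte(line, '=')
		if line == "" || strings.HasPrefix(line, "#") || i < 0 {
			continue
		}
		env[strings.TrimSpace(line[:i])] = strings.Trim(strings.TrimSpace(line[i+1:]), `"'`)
	}
	return env
}

// azureAuthMode decides which credential a backup location needs (hypothetical helper).
// cfg mirrors spec.backupLocations[].velero.config; env is the parsed secret.
// An empty or absent storageAccountKeyEnvVar means "no storage key requested".
func azureAuthMode(cfg, env map[string]string) (string, error) {
	if name := cfg["storageAccountKeyEnvVar"]; name != "" {
		if env[name] == "" {
			return "", fmt.Errorf("storageAccountKeyEnvVar %q is set but has no value in the secret", name)
		}
		return "storage-key", nil
	}
	for _, k := range []string{"AZURE_SUBSCRIPTION_ID", "AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET"} {
		if env[k] == "" {
			return "", fmt.Errorf("service-principal credential is missing %s", k)
		}
	}
	return "service-principal", nil
}

func main() {
	// Constructed sample secret; every value is a placeholder.
	secret := "AZURE_SUBSCRIPTION_ID=sub-placeholder\nAZURE_TENANT_ID=tenant-placeholder\nAZURE_CLIENT_ID=client-placeholder\nAZURE_CLIENT_SECRET=secret-placeholder\nAZURE_STORAGE_ACCOUNT_ACCESS_KEY=\"\" \n"
	cfg := map[string]string{"storageAccount": "velerobackupsmaya1", "storageAccountKeyEnvVar": ""}
	mode, err := azureAuthMode(cfg, parseEnvFile(secret))
	fmt.Println(mode, err)
}
```

Failing the reconcile with a specific message, rather than starting the registry pod with an empty key, surfaces the misconfiguration in the DPA status instead of as a CrashLoopBackOff.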