Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: OADP 1.2.2
Affects Version/s: OADP 1.2.0
Component/s: snapshotlocation
Labels:
- triaged

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Fixed in Build:
oadp-operator-bundle-container-1.2.2-26
QEStatus:
ToDo
Regression:
No

Cost of Delay:
0
WSJF:
0
Risk Probability:
Very Likely
Risk Score:
0

Workstream:

None

Root Cause:
Unset
Failure Category:
Unknown

SFDC Cases Links:
SFDC Cases Counter:

Description

Description of problem:

Created a DPA with custom VSL credentials. DPA is reconciled successfully. BSL goes to unavailable to status when VSL uses non default/custom secret.

status:
  lastValidationTime: "2023-04-21T11:48:05Z"
  message: 'BackupStorageLocation "ts-dpa-1" is unavailable: rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation''s config'
  phase: Unavailable

Version-Release number of selected component (if applicable):
OADP 1.2.0-48

How reproducible:
Always

Steps to Reproduce:
1. Create a custom secret for VSL

$ oc create secret generic cloud-credentials-gcp --from-file=cloud=/tmp/credentials
secret/cloud-credentials-gcp created
$ oc create secret generic custom-vsl-secret --from-file=cloud=/tmp/credentials
secret/custom-vsl-secret created

2. Create a DPA CR

apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: example-gcp-velero
  namespace: openshift-adp
spec:
  backupLocations:
  - velero:
      default: true
      objectStorage:
        bucket: oadpbucket198949
        prefix: velero
      provider: gcp
  configuration:
    restic:
      enable: false
    velero:
      defaultPlugins:
      - openshift
      - gcp
  snapshotLocations:
  - velero:
      config:
        project: openshift-qe
        snapshotLocation: us-central1
      credential:
        key: cloud
        name: custom-vsl-secret
      provider: gcp

Actual results:

BSL phase is unavailable.

apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  labels:
    app.kubernetes.io/component: bsl
    app.kubernetes.io/instance: example-gcp-velero-1
    app.kubernetes.io/managed-by: oadp-operator
    app.kubernetes.io/name: oadp-operator-velero
    openshift.io/oadp: "True"
    openshift.io/oadp-registry: "True"
  name: example-gcp-velero-1
  namespace: openshift-adp
spec:
  default: true
  objectStorage:
    bucket: oadpbucket198949
    prefix: velero
  provider: gcp
status:
  lastSyncedTime: "2023-04-25T11:03:42Z"
  lastValidationTime: "2023-04-25T11:06:12Z"
  message: 'BackupStorageLocation "example-gcp-velero-1" is unavailable: rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation''s config'
  phase: Unavailable

Velero logs

time="2023-04-25T11:05:02Z" level=error msg="Error getting a backup store" backup-storage-location=openshift-adp/example-gcp-velero-1 controller=backup-storage-location error="rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation's config" error.file="/remote-source/app/velero-plugin-for-gcp/object_store.go:127" error.function="main.(*ObjectStore).Init" logSource="/remote-source/velero/app/pkg/controller/backup_storage_location_controller.go:148"
time="2023-04-25T11:05:02Z" level=info msg="BackupStorageLocation is invalid, marking as unavailable" backup-storage-location=openshift-adp/example-gcp-velero-1 controller=backup-storage-location logSource="/remote-source/velero/app/pkg/controller/backup_storage_location_controller.go:131"
time="2023-04-25T11:05:12Z" level=error msg="Error getting backup store for this location" backupLocation=openshift-adp/example-gcp-velero-1 controller=backup-sync error="rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation's config" error.file="/remote-source/app/velero-plugin-for-gcp/object_store.go:127" error.function="main.(*ObjectStore).Init" logSource="/remote-source/velero/app/pkg/controller/backup_sync_controller.go:100"

Expected results:
BSL should be in available phase.

Additional info:

$ oc get secret 
NAME                                               TYPE                                  DATA   AGE
builder-dockercfg-879k7                            kubernetes.io/dockercfg               1      27m
builder-token-kk7j5                                kubernetes.io/service-account-token   4      27m
cloud-credentials-gcp                              Opaque                                1      2m21s
custom-vsl-secret                                  Opaque                                1      2m11s
default-dockercfg-mnjvx                            kubernetes.io/dockercfg               1      27m
default-token-nh6x9                                kubernetes.io/service-account-token   4      27m
deployer-dockercfg-4cn76                           kubernetes.io/dockercfg               1      27m
deployer-token-c5c9d                               kubernetes.io/service-account-token   4      27m
openshift-adp-controller-manager-dockercfg-pxfhv   kubernetes.io/dockercfg               1      25m
openshift-adp-controller-manager-token-m7clq       kubernetes.io/service-account-token   4      25m
velero-dockercfg-89xcp                             kubernetes.io/dockercfg               1      25m
velero-repo-credentials                            Opaque                                1      20s
velero-token-srmgc                                 kubernetes.io/service-account-token   4      25m

Slack thread:- https://redhat-internal.slack.com/archives/C0144ECKUJ0/p1682077647671969