Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-1737

BSL goes unavailable phase when VSL uses custom secret

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • oadp-operator-bundle-container-1.2.2-26
    • ToDo
    • 0
    • 0
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown
    • No

      Description of problem:

      Created a DPA with custom VSL credentials. DPA is reconciled successfully.  BSL goes to unavailable to status when VSL uses non default/custom secret.  

      status:
  lastValidationTime: "2023-04-21T11:48:05Z"
  message: 'BackupStorageLocation "ts-dpa-1" is unavailable: rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation''s config'
  phase: Unavailable

      Version-Release number of selected component (if applicable): 
      OADP 1.2.0-48

      How reproducible:
      Always

      Steps to Reproduce:
      1. Create a custom secret for VSL

      $ oc create secret generic cloud-credentials-gcp --from-file=cloud=/tmp/credentials
secret/cloud-credentials-gcp created
$ oc create secret generic custom-vsl-secret --from-file=cloud=/tmp/credentials
secret/custom-vsl-secret created

      2. Create a DPA CR

      apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: example-gcp-velero
  namespace: openshift-adp
spec:
  backupLocations:
  - velero:
      default: true
      objectStorage:
        bucket: oadpbucket198949
        prefix: velero
      provider: gcp
  configuration:
    restic:
      enable: false
    velero:
      defaultPlugins:
      - openshift
      - gcp
  snapshotLocations:
  - velero:
      config:
        project: openshift-qe
        snapshotLocation: us-central1
      credential:
        key: cloud
        name: custom-vsl-secret
      provider: gcp

      Actual results:

      BSL phase is unavailable. 

      apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  labels:
    app.kubernetes.io/component: bsl
    app.kubernetes.io/instance: example-gcp-velero-1
    app.kubernetes.io/managed-by: oadp-operator
    app.kubernetes.io/name: oadp-operator-velero
    openshift.io/oadp: "True"
    openshift.io/oadp-registry: "True"
  name: example-gcp-velero-1
  namespace: openshift-adp
spec:
  default: true
  objectStorage:
    bucket: oadpbucket198949
    prefix: velero
  provider: gcp
status:
  lastSyncedTime: "2023-04-25T11:03:42Z"
  lastValidationTime: "2023-04-25T11:06:12Z"
  message: 'BackupStorageLocation "example-gcp-velero-1" is unavailable: rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation''s config'
  phase: Unavailable

      Velero logs

      time="2023-04-25T11:05:02Z" level=error msg="Error getting a backup store" backup-storage-location=openshift-adp/example-gcp-velero-1 controller=backup-storage-location error="rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation's config" error.file="/remote-source/app/velero-plugin-for-gcp/object_store.go:127" error.function="main.(*ObjectStore).Init" logSource="/remote-source/velero/app/pkg/controller/backup_storage_location_controller.go:148"
time="2023-04-25T11:05:02Z" level=info msg="BackupStorageLocation is invalid, marking as unavailable" backup-storage-location=openshift-adp/example-gcp-velero-1 controller=backup-storage-location logSource="/remote-source/velero/app/pkg/controller/backup_storage_location_controller.go:131"
time="2023-04-25T11:05:12Z" level=error msg="Error getting backup store for this location" backupLocation=openshift-adp/example-gcp-velero-1 controller=backup-sync error="rpc error: code = Unknown desc = serviceAccount is expected to be provided as an item in BackupStorageLocation's config" error.file="/remote-source/app/velero-plugin-for-gcp/object_store.go:127" error.function="main.(*ObjectStore).Init" logSource="/remote-source/velero/app/pkg/controller/backup_sync_controller.go:100"

      Expected results:
      BSL should be in available phase.

      Additional info:

      $ oc get secret 
NAME                                               TYPE                                  DATA   AGE
builder-dockercfg-879k7                            kubernetes.io/dockercfg               1      27m
builder-token-kk7j5                                kubernetes.io/service-account-token   4      27m
cloud-credentials-gcp                              Opaque                                1      2m21s
custom-vsl-secret                                  Opaque                                1      2m11s
default-dockercfg-mnjvx                            kubernetes.io/dockercfg               1      27m
default-token-nh6x9                                kubernetes.io/service-account-token   4      27m
deployer-dockercfg-4cn76                           kubernetes.io/dockercfg               1      27m
deployer-token-c5c9d                               kubernetes.io/service-account-token   4      27m
openshift-adp-controller-manager-dockercfg-pxfhv   kubernetes.io/dockercfg               1      25m
openshift-adp-controller-manager-token-m7clq       kubernetes.io/service-account-token   4      25m
velero-dockercfg-89xcp                             kubernetes.io/dockercfg               1      25m
velero-repo-credentials                            Opaque                                1      20s
velero-token-srmgc                                 kubernetes.io/service-account-token   4      25m

      Slack thread:- https://redhat-internal.slack.com/archives/C0144ECKUJ0/p1682077647671969

              rhn-engineering-mpryc Michal Pryc
              rhn-support-prajoshi Prasad Joshi
              Amos Mastbaum Amos Mastbaum
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: