- Bug
- Resolution: Not a Bug
- Major
- OADP 1.3.0
Setup:
1. Remove any user-defined secrets from the openshift-adp namespace, specifically:
```
//TODO: Check for default secret names
VeleroAWSSecretName = "cloud-credentials"
VeleroAzureSecretName = "cloud-credentials-azure"
VeleroGCPSecretName = "cloud-credentials-gcp"
```
2. Remove the DPA and any BSL instances
3. Create a secret with working credentials named `custom-credentials`
4. Create a DPA similar to the following, adjusted to something that should work for your cluster:
```
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  managedFields:
  name: dpa-sample
  namespace: openshift-adp
spec:
  backupLocations:
    - velero:
        config:
          profile: default
          region: us-west-2
        credential:
          key: cloud
          name: custom-credentials
        default: true
        objectStorage:
          bucket: yourbucket
          prefix: velero
        provider: aws
```
5. Save the DPA, and watch for a reconcile error that notes the secret `cloud-credentials` (or other cloud default secret name) is missing.
Note the reconcile error:
```
status:
  conditions:
    - lastTransitionTime: "2023-12-05T19:12:48Z"
      message: Secret "cloud-credentials" not found
      reason: Error
      status: "False"
      type: Reconciled
```
Note the error from the operator manager:
```
1.7017978825005033e+09 INFO error validating aws provider secret: openshift-adp/cloud-credentials {"controller": "dataprotectionapplication", "controllerGroup": "oadp.openshift.io", "controllerKind": "DataProtectionApplication", "dataProtectionApplication":
{"name":"dpa-sample","namespace":"openshift-adp"}, "namespace": "openshift-adp", "name": "dpa-sample", "reconcileID": "a8653054-b027-4f1f-b0d6-1e1aa714a065"}
1.7017978825100672e+09 ERROR Reconciler error {"controller": "dataprotectionapplication", "controllerGroup": "oadp.openshift.io", "controllerKind": "DataProtectionApplication", "dataProtectionApplication":
, "namespace": "openshift-adp", "name": "dpa-sample", "reconcileID": "a8653054-b027-4f1f-b0d6-1e1aa714a065", "error": "Secret \"cloud-credentials\" not found"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
```
5.5 Also look at the credentials stored directly in the BSL. Note that the BSL is available with the `custom-credentials` secret.
6. To play around, add the default secret, `cloud-credentials`, with the same credentials, and the DPA should reconcile properly. Also look at the credentials stored directly in the BSL. Note that the BSL is available with the `custom-credentials` secret.
FIX in two steps:
- Update the error message to indicate the following:
  - The default cloud-credential must be created and present regardless of whether or not it is used in the BSL or VSL at this time
- Check all the defined BSLs and VSLs (which allow the credential to NOT be specified)
  - If all the defined BSLs and VSLs have a credential defined and the credentials ARE present, DO NOT ERROR OUT on the missing default `cloud-credential`
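A sketch of the check proposed in the second step, added here as an illustration and not taken from the OADP operator. The `Location` type, the `MissingSecrets` function and the sample location name are hypothetical, and the secrets present in the namespace are passed in as a map instead of being read from the cluster.

```go
package main

import (
	"fmt"
	"sort"
)

// Default secret names per provider, as quoted from the operator constants above.
var defaultSecret = map[string]string{
	"aws":   "cloud-credentials",
	"azure": "cloud-credentials-azure",
	"gcp":   "cloud-credentials-gcp",
}

// Location is a hypothetical, simplified stand-in for a BSL or VSL entry in a DPA.
type Location struct {
	Kind, Name, Provider string
	CredentialName       string // empty means "fall back to the provider default"
}

// MissingSecrets returns one message per secret that a location actually needs
// but that is absent from the namespace. A provider default is required only
// when some location omits its credential.
func MissingSecrets(locs []Location, present map[string]bool) []string {
	var problems []string
	for _, l := range locs {
		needed, why := l.CredentialName, "named in spec"
		if needed == "" {
			def, ok := defaultSecret[l.Provider]
			if !ok {
				problems = append(problems, fmt.Sprintf("%s %q: no credential and no known default for provider %q", l.Kind, l.Name, l.Provider))
				continue
			}
			needed, why = def, "provider default, no credential specified"
		}
		if !present[needed] {
			problems = append(problems, fmt.Sprintf("%s %q: Secret %q not found (%s)", l.Kind, l.Name, needed, why))
		}
	}
	sort.Strings(problems)
	return problems
}

func main() {
	// Constructed input mirroring the reproduction: one AWS BSL using custom-credentials.
	bsl := []Location{{Kind: "BSL", Name: "dpa-sample-1", Provider: "aws", CredentialName: "custom-credentials"}}
	fmt.Println(MissingSecrets(bsl, map[string]bool{"custom-credentials": true})) // no default needed
}
```

Each message names the location that needs the secret and whether it was requested explicitly or implied by the provider default, which is the distinction the current `Secret "cloud-credentials" not found` message hides.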
Workaround:
The customer workaround is to simply create the required default `cloud-credentials` initially. Once the defaults are created, the custom secret can be used and is checked properly for its existence.