-

Configurable volume exposure of Daemonset node-agent datamovers

-

What is the nature and description of the request?

The default list of exposed folders from hosts for Daemonset node-agent datamovers is unable to deal with variable volume mount conifguration settings of different cloud providers.

 
The cause of why Block PVC backups and restore fail on IBM Cloud has been identified.
 
It is a kubelet configuration change from default kubelet settings to the mounted locations of volumes on the host.On IBM Cloud hosted Openshift Kubelet has been set to mount CSI volumes to: 
 
 /var/data/kubelet/pods/<pod uid>/volumes/kubernetes.io~{csi,projected,...}/<pv name>
 
Default Openshift Kubelet is set to mount CSI Volumes  
 
/var/lib/kubelet/pods/<pod uid>/volumes/kubernetes.io~{csi,projected,...}/<pv name>
 
The daemonset node-agent only exposes /var/lib from the host.Velero tries to resolve the symlink to the device resulting in the error:
 
data path backup failed: Failed to run kopia backup: unable to get local block device entry: resolveSymlink: lstat /var/data: no such file or directory'.
In Velero function:
pkg/uploader/kopia/block_backup.go:getLocalBlockEntry
  pkg/uploader/kopia/snapshot.go:resolveSymlink
 

Manual change to the daemonset is reverted immediately by the oadp-operator.

The future work item to deploy datamover pods with the volume attached instead of exposing the host (as our own datamover does in 2.8 and lower) upstream in Velero should fix this issue in a future release and close the known possible security issues from exposing host locations.

https://github.com/vmware-tanzu/velero/issues/7198

 https://github.com/vmware-tanzu/velero/pull/8046. 
-

Why does the customer need this? (List the business requirements here)

• Red Hat Virtualization backup and restore fail on IBM Cloud with OADP 1.3 and above

Optional Component List: 

OADP

Velero