In OpenShift env (installed in azure), velero is not able to backup PVCs those were created using file.csi.azure.com provisioner while it works for PVCs those were created using disk.csi.azure.com provisioner #8468
Comments
Looks like CSI snapshot is not enabled and Velero is using native snapshotter. Follow this doc to enable CSI snapshot https://velero.io/docs/v1.15/csi/. |
|
Moreover, Azure file CSI doesn't support snapshot restore, so I am afraid you cannot restore the data even if the backup succeeds. |
adityagu0910
changed the title
|
@Lyndon-Li Thanks for your reply. |
|
I would like to note that as of OpenShift 4.16, azure file CSI driver do not supports snapshotting. |
|
@Lyndon-Li I saw on the azure file csi snapshot example that restore is now supported on v1.30.2 fyi |
Yes, Velero native snapshot doesn't support azure file. |
For CSI snapshots, snapshots are being created in same azure resource group where we have our OpenShift env running. Is it possible to store snapshots to another azure resource group where we are storing our backups ( in backupStorageLocation container) ? |
|
Snapshots belong to disks. Disks belong to a clusters. |
|
You should be able to move them if your cloud provider allows. You'll have to move it back to where the CSI driver would expect if you want velero to be able to trigger and create disk where the env lives. |
@kaovilai I think it could be useful if Velero provides an option to configure snapshot location (similar to how backup locations are configured)) for the CSI interface. Ideally, Velero should also support restoring snapshots directly from this configured location. In many setups, backups are stored in a dedicated backup resource group shared across multiple applications, including OpenShift. Enabling such functionality would align with the common practice of centralizing backups and recovery for multiple applications. |
|
@adityagu0910 I don't think csi spec itself has defined generic way to move regions. I would raise that with csi spec repo |
|
Also note that if you want to store the PVC data in the backup storage location, you can also do that by using datamover (setting |
|
@sseago Yes I am trying to use OADP Data Mover(Velero built-in data mover) with CSI snapshot and facing issue with azure file share snapshot move. Getting below error related to secret not found. I believe this secret should be created automatically as it does when we provision any pvc dynamically using azure file share storage class in any namespace.
|
|
After creating the secret (azure-storage-account-FILESHARESTORAGEACCOUNT-secret) manually in openshift-adp namespace, backup/restore works fine for both CSI Snapshot type (Azure File and Azure Disk). It could be a bug with CSI Data Mover that it is not able to leverage the secret from CSI azure file controller. |
Did you have the doc where you found to do that? |
kaovilai
added
env/openshift
Area/CSI
|
I would like to add few details regarding Azure Files PVC backups as an additional data point. Azure Files CSI driver supported CSI snapshots for long time but until recently, creating a PVC from that CSI snapshots was not possible. So CloudCasa implemented custom code to integrate with Azure portal and automate backups. See https://docs.cloudcasa.io/help/reference-pv-types.html#ref-pv-types-azure-file for some info in this regard. And as @kaovilai pointed out, restore from snapshots functionality has been added in recent versions of Azure Files CSI driver. So we now allow our users to select a backup method (either CSI driver or CloudCasa). https://docs.cloudcasa.io/help/relnotes-10-2024.html#selection-of-backup-method-for-azure-files-pvcs However, we did see few issues with CSI driver implementation of restore so we have few users switch back to CloudCasa method after trying CSI driver. Of course, the issues may be fixed in future but I wanted to mention our experience in this regard. Please feel free to reach out to me if you need more details. |
I copied the secret from kube-system namespace(where we have all our CSI drivers installed) to openshift-adp namespace.
|
What steps did you take and what happened:
Regular daily backup for whole OpenShift cluster is running and it is not able to backup PVCs those were created using file.csi.azure.com provisioner while it works for PVCs those were created using disk.csi.azure.com provisioner.
We see below warning in backup describe command.
Warnings:
Velero:
Cluster: resource: /persistentvolumes name: /pvc-1111 message: /No volume ID returned by volume snapshotter for persistent volume
resource: /persistentvolumes name: /pvc-2222 message: /No volume ID returned by volume snapshotter for persistent volume
Namespaces:
What did you expect to happen:
It should backup all the PVCs available in cluster including the one created using file.csi.azure.com provisioner
The following information will help us better understand what's going on:
Please see attached velero backup describe without details
daily-backup-schedule-20241129180420.txt
Anything else you would like to add:
Velero was installed using OpenShift OADP operator.
Below is the version:
Client:
Version: v1.14.1-OADP
Git commit: -
Server:
Version: v1.14.1-OADP
Vote on this issue!
This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.
The text was updated successfully, but these errors were encountered: