Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Velero 1.15.x not working with kube2iam with datamover option enabled #8754

Open
SCLogo opened this issue Mar 5, 2025 · 6 comments
Open

Velero 1.15.x not working with kube2iam with datamover option enabled #8754

SCLogo opened this issue Mar 5, 2025 · 6 comments
Assignees
@Lyndon-Li
Labels
Area/Cloud/AWS area/datamover
Milestone
v1.16

Comments

@SCLogo
Copy link

SCLogo commented Mar 5, 2025

What steps did you take and what happened:
Create a backup
wait until snapshot controller creates the snapshots
Velero creates the datamover microservice pods
Datamover pods exists with error.

What did you expect to happen:
datamover pods should able to access the resources
The following information will help us better understand what's going on:

Anything else you would like to add:
I don't find option to add annotation to the datamover microservice. Probably that is the only issue, because if the pod does not contain the kube2iam related annotation then it won't get access to the resource

Environment:

  • Velero version (use velero version): 1.15.2
  • Velero features (use velero client config get features):
  • Kubernetes version (use kubectl version): 1.30.4
  • Kubernetes installer & version: kops 1.30.0
  • Cloud provider or hardware configuration: aws
  • OS (e.g. from /etc/os-release): Debian

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

  • 👍 for "I would like to see this bug fixed as soon as possible"
  • 👎 for "There are more important bugs to focus on right now"
@Lyndon-Li
Copy link
Contributor

Lyndon-Li commented Mar 6, 2025
edited
Loading

This is similar to #8433, but this one requires 3rd annotations, we may support annotations in the way as same as labels.

@Lyndon-Li
Copy link
Contributor

Lyndon-Li commented Mar 6, 2025
edited
Loading

Looks like we need to support the annotation iam.amazonaws.com/role.

@SCLogo Please let us know if any more annotations are required.

@Lyndon-Li Lyndon-Li self-assigned this Mar 6, 2025
@SCLogo
Copy link
Author

SCLogo commented Mar 6, 2025

@Lyndon-Li correct, to able to use kube2aim we need the iam.amazonaws.com/role annotation on uploader pods.
In the future will there be any way to add same annotations on the datamover pod what you have on nodeagents? Maybe set annotations from helm chart ?
Will this change be in the next release ?
Thanks in advance

@Lyndon-Li
Copy link
Contributor

In the future will there be any way to add same annotations on the datamover pod what you have on nodeagents?

The data mover pods won't inherit all the labels/annotations from node-agent. Instead, in the code we have a whitelist, only the labels/annotations in the whitelist will be inherited

@Lyndon-Li
Copy link
Contributor

Lyndon-Li commented Mar 6, 2025
edited
Loading

Will this change be in the next release ?

It should be in 1.16. Will let you know for any change of the plan.

@SCLogo
Copy link
Author

SCLogo commented Mar 6, 2025

thank you.

@Lyndon-Li Lyndon-Li mentioned this issue Mar 10, 2025
Merged
@Lyndon-Li Lyndon-Li added this to the v1.16 milestone Mar 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Lyndon-Li Lyndon-Li

Labels
Area/Cloud/AWS area/datamover
Projects
None yet
Milestone
v1.16
Development

No branches or pull requests
3 participants
@kaovilai @SCLogo @Lyndon-Li