i'm trying to use Velero to backup an AKS cluster but for some reason i'm unable to set the backup location in velero.
I can confirm the credentials-velero file I have obtains the correct storage access key, and the secret (cloud-credentials) reflects it as well.
Kind of at a lost as to why it's throwing me this error. Never used Velero before.
EDIT:
So I used the following commands to get the credential file:
Obtain the Azure Storage account access key
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=`az storage account keys list --account-name storsmaxdv --query "[?keyName == 'key1'].value" -o tsv`
then I create the credential file
cat << EOF > ./credentials-velero
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_STORAGE_ACCOUNT_ACCESS_KEY}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
then my install command is:
./velero install \
--provider azure
--plugins velero/velero-plugin-for-microsoft-azure:v1.3.0 \
--bucket velero \
--secret-file ./credentials-velero \
--backup-location-config resourceGroup=resourcegroupname,storageAccount=storageAccount,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY[,subscriptionId=numbersandlettersandstuff] \
--use-volume-snapshots=false
I can verify Velero created a secret called cloud-credentials, and when I decrypt it with base64 I'm able to see what looks like the contents of my credentials-velero file. for example:
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=MYAZURESTORAGEACCOUNTKEY
AZURE_CLOUD_NAME=AzurePublicCloud
not sure how your cred file formatting is and the command you are running.
Please try the below file and update the command as per need.
Example command :
./velero install --provider azure --plugins velero/velero-plugin-for-microsoft-azure:v1.0.1 --bucket velero-cluster-backups --backup-location-config resourceGroup=STORAGE-ACCOUNT-RESOURCEGROUP,storageAccount=STORAGEACCOUNT --use-volume-snapshots=false --secret-file ./credentials-velero
Cred file
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=MYAZURESTORAGEACCOUNTKEY
AZURE_CLOUD_NAME=AzurePublicCloud
i would suggest checking out the secret that is getting created into the K8s cluster and check the formatting of that secret and data.
Refer more here : https://github.com/vmware-tanzu/velero/issues/2272
Check this plugin : https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure
turns out it was the brackets in the install command that was causing the issue
--backup-location-config resourceGroup=resourcegroupname,storageAccount=storageAccount,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY[,subscriptionId=numbersandlettersandstuff] \
removed the brackets to this:
--backup-location-config resourceGroup=resourcegroupname,storageAccount=storageAccount,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY,subscriptionId=numbersandlettersandstuff \
and now it works
1: Create servce pricple for velero in azure ad
you can create credential file in below format
AZURE_CLOUD_NAME=AzurePublicCloud
AZURE_SUBSCRIPTION_ID=*************
AZURE_TENANT_ID=**************
AZURE_CLIENT_ID=********
AZURE_CLIENT_SECRET=**********
AZURE_RESOURCE_GROUP=(name of your cluster resorce group where your pvc reside)