K
Q

Trouble creating Velero storage location with storage access key

1/8/2022

i'm trying to use Velero to backup an AKS cluster but for some reason i'm unable to set the backup location in velero.

i'm getting the error below Error no storage account key found in env var

I can confirm the credentials-velero file I have obtains the correct storage access key, and the secret (cloud-credentials) reflects it as well.

Kind of at a lost as to why it's throwing me this error. Never used Velero before.

EDIT:

So I used the following commands to get the credential file:

Obtain the Azure Storage account access key

AZURE_STORAGE_ACCOUNT_ACCESS_KEY=`az storage account keys list --account-name storsmaxdv --query "[?keyName == 'key1'].value" -o tsv`

then I create the credential file

cat << EOF  > ./credentials-velero
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_STORAGE_ACCOUNT_ACCESS_KEY}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF

then my install command is:

./velero install \
    --provider azure 
    --plugins velero/velero-plugin-for-microsoft-azure:v1.3.0 \
    --bucket velero \
    --secret-file ./credentials-velero \
    --backup-location-config resourceGroup=resourcegroupname,storageAccount=storageAccount,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY[,subscriptionId=numbersandlettersandstuff] \
    --use-volume-snapshots=false

I can verify Velero created a secret called cloud-credentials, and when I decrypt it with base64 I'm able to see what looks like the contents of my credentials-velero file. for example:

AZURE_STORAGE_ACCOUNT_ACCESS_KEY=MYAZURESTORAGEACCOUNTKEY
AZURE_CLOUD_NAME=AzurePublicCloud
-- Paul
azure
azure-aks
backup
kubernetes
velero

Similar Questions

Kubernetes Volumes/PV vs Docker Named Volume
Is k8s dashboard recommended for production ready server?
How to redirect http to https in Kubernetes service manifest
How to send Ajax calls to an app located in a pod in a Kubernetes cluster?
How to list all kubernetes objects with specific label using client-go

3 Answers

1/8/2022

not sure how your cred file formatting is and the command you are running.

Please try the below file and update the command as per need.

Example command : 

./velero install --provider azure --plugins velero/velero-plugin-for-microsoft-azure:v1.0.1 --bucket velero-cluster-backups --backup-location-config resourceGroup=STORAGE-ACCOUNT-RESOURCEGROUP,storageAccount=STORAGEACCOUNT --use-volume-snapshots=false --secret-file ./credentials-velero

Cred file

AZURE_STORAGE_ACCOUNT_ACCESS_KEY=MYAZURESTORAGEACCOUNTKEY
AZURE_CLOUD_NAME=AzurePublicCloud

i would suggest checking out the secret that is getting created into the K8s cluster and check the formatting of that secret and data.

Refer more here : https://github.com/vmware-tanzu/velero/issues/2272

Check this plugin : https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure

-- Harsh Manvar
Source: StackOverflow
1/14/2022

turns out it was the brackets in the install command that was causing the issue 

--backup-location-config resourceGroup=resourcegroupname,storageAccount=storageAccount,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY[,subscriptionId=numbersandlettersandstuff] \

removed the brackets to this:

--backup-location-config resourceGroup=resourcegroupname,storageAccount=storageAccount,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY,subscriptionId=numbersandlettersandstuff \

and now it works

-- Paul
Source: StackOverflow
1/13/2022

1: Create servce pricple for velero in azure ad

you can create credential file in below format

AZURE_CLOUD_NAME=AzurePublicCloud
AZURE_SUBSCRIPTION_ID=*************
AZURE_TENANT_ID=**************
AZURE_CLIENT_ID=********
AZURE_CLIENT_SECRET=**********
AZURE_RESOURCE_GROUP=(name of your cluster resorce group where your pvc reside)
-- Tariq Jawed
Source: StackOverflow