Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

velero-plugin-for-aws v1.10.x BSL unavailable while using default profile creds and bucket is in different AWS account #7945

Open
mugdha-adhav opened this issue Jun 27, 2024 · 2 comments
Open

velero-plugin-for-aws v1.10.x BSL unavailable while using default profile creds and bucket is in different AWS account #7945

mugdha-adhav opened this issue Jun 27, 2024 · 2 comments
Assignees
@reasonerjt
Labels
Area/Cloud/AWS Needs info Waiting for information Needs investigation

Comments

@mugdha-adhav
Copy link

What steps did you take and what happened:
After upgrading velero-plugin-for-aws to v1.10.x from v1.9.0, BSL is unavailable with error -

message: "BackupStorageLocation \"default\" is unavailable: rpc error: code = Unknown
    desc = error fetching config from profile, default, Error using profile: \n 2,
    partial credentials found for profile default\n"
  phase: Unavailable

Note: In this case credentials.useSecret is set to false, so we expect the AWS config to be set using default profile.

Also, the bucket is in a different AWS account from the cluster (where velero is deployed).

Downgrading velero-plugin-for-aws to v1.9.0 solves the issue.

What did you expect to happen:
The BSL should be available and AWS config should be set using default profile if credentials.useSecret is set to false.

The following information will help us better understand what's going on:

If you are using velero v1.7.0+:
bundle-2024-06-27-17-44-35.tar.gz

Environment:

  • Velero version (use velero version): v1.14.0
  • Velero features (use velero client config get features): features:
  • Kubernetes version (use kubectl version): v1.28
  • Kubernetes installer & version: EKS
  • Cloud provider or hardware configuration: AWS
  • OS (e.g. from /etc/os-release): Amazon Linux 2

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

  • 👍 for "I would like to see this bug fixed as soon as possible"
  • 👎 for "There are more important bugs to focus on right now"
@blackpiglet
Copy link
Contributor

/area Cloud/AWS

@reasonerjt
Copy link
Contributor

reasonerjt commented Jul 1, 2024
edited
Loading

This may be introduced by this change:
https://github.com/vmware-tanzu/velero-plugin-for-aws/pull/191/files

@mugdha-adhav
When you say "default profile" did you set the default profile via credential files?
It looks like the credential file you provide is problematic.
Could you clarify whether you configured IRSA in your EKS cluster?

@reasonerjt reasonerjt added the Needs info Waiting for information label Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@reasonerjt reasonerjt

Labels
Area/Cloud/AWS Needs info Waiting for information Needs investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@reasonerjt @mugdha-adhav @blackpiglet