Velero: Restic used during backup, even when not requested
What steps did you take and what happened:
Installed chart 2.19.1 . Values file had:
# Whether to deploy the restic daemonset.
deployRestic: false
The daemonset wasn't deployed, which is good, but something is still attempting to create secrets. We are running with a read-only clusterrole, and got the following error:
{"level":"warning","logSource":"pkg/cmd/server/server.go:496","msg":"Velero restic daemonset not found; restic backups/restores will not work until it's created","time":"2021-04-30T04:32:21Z"}
An error occurred: error creating velero-restic-credentials secret: secrets is forbidden: User "system:serviceaccount:platform-backup:default-velero-server" cannot create resource "secrets" in API group "" in the namespace "platform-backup"
When that permission was provided, a secret was created: velero-restic-credentials
What did you expect to happen:
No need to create secrets, no secret created,
Environment:
- helm version: v3.5.4
- helm chart version: 2.19.1
- Kubernetes version: GKE - v1.18.16-gke.2100
- Cloud provider or hardware configuration: Google GKE
simon-anz
All 4 comments
This is probably a restic issue, not a chart issue.
simon-anz
on 3 May 2021
Yeah, totally is. Looks like this is created by Velero when setting up the Restic repository
regardless of whether Restic is enabled
simon-anz
on 3 May 2021
@carlisia Would you mind moving this issue to vmware-tanzu/velero? Thank you.
jenting
on 5 May 2021
@jenting, done!
carlisia
on 5 May 2021
Related issues
debianmaster
路
3Comments
carlisia
路
4Comments
Berndinox
路
3Comments
abh
路
4Comments
Yggdrasil
路
3Comments