How to install the velero-plugin-for-Microsoft-azure using command 'tanzu package install velero...' with the --values-file velero-azure-values.yaml

Article ID: 431132

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

After attempting to install velero-plugin-for-Microsoft-azure with a command such as the following:

tanzu package install velero -p velero.kubernetes.vmware.com -n tkg-system  --version #.##.#+vmware.1-vks.1   --values-file velero-azure-values.yaml


You are shown an error similar to the one below:

4:53:05PM: Pausing reconciliation for package installation 'velero' in namespace 'tkg-system'
4:53:07PM: Updating secret 'velero-tkg-system-values'
4:53:08PM: Resuming reconciliation for package installation 'velero' in namespace 'tkg-system'
4:53:08PM: Waiting for PackageInstall reconciliation for 'velero'
4:53:09PM: Template failed 
            | ytt: Error: Validating final data values:
            |   backupStorageLocation.provider
            |     from: values.yaml:4
            |     - must be: one of ["aws"] (by: schema.yaml:9)
            |       found: not one of allowed values
            | 
            | 
            | 
            | Templating dir: Error (see .status.usefulErrorMessage for details)
4:53:09PM: Error tailing app: Reconciling app: Template failed


The official documentation available here notes that the only available value when installing is: aws.

Note - There is already a method of installing velero-plugin-for-Microsoft-azure, as described here in KB 389240.


However, the requirement was to install the velero-plugin-for-Microsoft-azure using the command 'tanzu package install velero...'.

Environment

Supervisor v1.29
VKS 3.4.1 

Cause

The error occurs because azure is not an available value for the provider; so far, aws is the only available value, as documented here.

This is why the error specifically advises "must be: one of ["aws"]": aws is the only available value.

Resolution

Workaround(s):

There are two workarounds:

1 - Use the velero install method as per the KB below:

KB 389240 

Or

2 - Use the tanzu package install method as described below:

i) Configure the velero-data-values.yaml to omit the backupStorageLocation configuration and to contain only the basic details below:

logLevel: info
namespace: velero-pkg
velero:
  plugins:
    - [FQDN]/velero/[velero-plugin-for-Microsoft-azure]:v#.##.#

 -- where [FQDN] is replaced with your domain name, [velero-plugin-for-Microsoft-azure] with the Azure plugin name, and v#.##.# with the plugin version.

ii) Execute the 'tanzu package install' command using the velero-azure-values.yaml file above. The package will successfully render and pull the plugin from the configured registry.

iii) Once the Velero pods are running, apply the Azure backupStorageLocation and secret credentials as standalone Custom Resources directly via kubectl.
Note - the backupStorageLocation is as documented here.

The Azure backupStorageLocation and credentials (Secret) YAMLs should look similar to the ones below:

There are also examples and further details on this credentials secret here and here.

BackupStorageLocation yaml

apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: <name>
  namespace: <namespace>
spec:
  provider: azure
  objectStorage:
    bucket: "<details>"

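  # THIS BLOCK LINKS THE CRD TO YOUR SECRET
  # name = metadata.name of the Secret; key = the key under stringData that holds the credentials (cloud in the Secret below)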
  credential:
    name: <azure-credentials>
    key: <azure>

  config:
    resourceGroup: "<details>"
    storageAccount: "<details>"
    subscriptionId: "<details>"
    # Set to "true" if using Azure AD Workload Identity / Service Principal. 
    # If using standard Storage Account Access Keys in your secret, remove this line.
    useAAD: "true"


secret yaml

apiVersion: v1
kind: Secret
metadata:
  name: <azure-credentials>
  namespace: <namespace>
type: Opaque
stringData:
  cloud: |
    AZURE_SUBSCRIPTION_ID=<AZURE_SUBSCRIPTION_ID>
    AZURE_TENANT_ID=<AZURE_TENANT_ID>
    AZURE_CLIENT_ID=<AZURE_CLIENT_ID>
    AZURE_CLIENT_SECRET=<AZURE_CLIENT_SECRET>
    AZURE_RESOURCE_GROUP=<AZURE_RESOURCE_GROUP>
    AZURE_CLOUD_NAME=AzurePublicCloud


There are detailed examples and further details on this azure credentials secret both here and here.
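
The link between the two manifests above (credential.name and credential.key in the BackupStorageLocation, the Secret's name, namespace and data key) can be checked after step iii. The following Python check is an added example, not part of this KB article or of Velero; it works on objects shaped like the items of 'kubectl get ... -o json' output. The function names, the object names azure-credentials and azure-bsl, and the sample data are assumptions constructed for illustration, and the variable check assumes the service principal layout of the Secret shown above.

```python
import base64

# Variable names taken from the Secret example on this page (assumed layout).
EXPECTED_VARS = ("AZURE_SUBSCRIPTION_ID", "AZURE_TENANT_ID", "AZURE_CLIENT_ID",
                 "AZURE_CLIENT_SECRET", "AZURE_RESOURCE_GROUP", "AZURE_CLOUD_NAME")

def check_bsl_credentials(bsl, secrets):
    """Return a list of problems in how one BackupStorageLocation references its Secret.
    Only names are reported; credential values are never included in the output."""
    problems = []
    ns = bsl["metadata"]["namespace"]
    spec = bsl.get("spec", {})
    if spec.get("provider") != "azure":
        problems.append(f"provider is {spec.get('provider')!r}, expected 'azure'")
    cred = spec.get("credential")
    if not cred:
        return problems + ["spec.credential is missing"]
    # The Secret is looked up by name in the same namespace as the BackupStorageLocation.
    secret = next((s for s in secrets
                   if s["metadata"]["name"] == cred.get("name")
                   and s["metadata"]["namespace"] == ns), None)
    if secret is None:
        return problems + [f"Secret {cred.get('name')!r} not found in namespace {ns!r}"]
    data = secret.get("data", {})  # stringData is stored base64-encoded under data
    if cred.get("key") not in data:
        return problems + [f"key {cred.get('key')!r} not in Secret (has {sorted(data)})"]
    payload = base64.b64decode(data[cred["key"]]).decode()
    present = {line.split("=", 1)[0].strip()
               for line in payload.splitlines() if "=" in line}
    missing = [v for v in EXPECTED_VARS if v not in present]
    if missing:
        problems.append("credentials payload lacks: " + ", ".join(missing))
    return problems

def sample_objects(key_in_bsl):
    """Constructed sample objects (not real cluster output) for trying the check."""
    env = "\n".join(f"{v}=placeholder" for v in EXPECTED_VARS)
    secret = {"kind": "Secret",
              "metadata": {"name": "azure-credentials", "namespace": "velero-pkg"},
              "data": {"cloud": base64.b64encode(env.encode()).decode()}}
    bsl = {"kind": "BackupStorageLocation",
           "metadata": {"name": "azure-bsl", "namespace": "velero-pkg"},
           "spec": {"provider": "azure",
                    "credential": {"name": "azure-credentials", "key": key_in_bsl}}}
    return bsl, [secret]

if __name__ == "__main__":
    for key in ("cloud", "azure"):  # "azure" does not match the Secret's data key
        print(key, "->", check_bsl_credentials(*sample_objects(key)) or "OK")
```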