Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

velero vSphere Operator need to provide the registry credentials to velero-vsphere plugin by matching registry repo name only #458

Open
myminseok opened this issue Mar 31, 2022 · 0 comments
Open

velero vSphere Operator need to provide the registry credentials to velero-vsphere plugin by matching registry repo name only #458

myminseok opened this issue Mar 31, 2022 · 0 comments
Assignees
@lintongj

Comments

@myminseok
Copy link

myminseok commented Mar 31, 2022
edited
Loading

Describe the bug

For TKGs on air-gapped env, followed installation procedure and especially using private registry guide. we encountered errors in installing velero-vsphere plugin due to not getting access credentials to the private container repo from velero-operator.

To Reproduce

  1. download Image for velero
    vsphereveleroplugin/velero-vsphere-operator:1.1.0
    vsphereveleroplugin/velero-plugin-for-vsphere:v1.3.1
    vsphereveleroplugin/backup-driver:v1.3.1
    vsphereveleroplugin/data-manager-for-plugin:v1.3.1
    velero/velero:v1.5.1
    velero/velero-plugin-for-aws:v1.1.0

  2. tag and upload to repo.

docker tag vsphereveleroplugin/velero-vsphere-operator:1.1.0 <PRIVATE_REGISTRY>/<PROJECT_REPO>/vsphereveleroplugin/velero-vsphere-operator:1.1.0
docker tag vsphereveleroplugin/velero-plugin-for-vsphere:v1.3.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/vsphereveleroplugin/velero-plugin-for-vsphere:v1.3.1
docker tag vsphereveleroplugin/backup-driver:v1.3.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/vsphereveleroplugin/backup-driver:v1.3.1
docker tag vsphereveleroplugin/data-manager-for-plugin:v1.3.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/vsphereveleroplugin/data-manager-for-plugin:v1.3.1
docker tag velero/velero:v1.5.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero:v1.5.1
docker tag velero/velero-plugin-for-aws:v1.1.0 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-plugin-for-aws:v1.1.0

  1. install velero operator
    repository url: <PRIVATE_REGISTRY>/<PROJECT_REPO>/vsphereveleroplugin
    repository credentials: to the <PRIVATE_REGISTRY>/<PROJECT_REPO>

  2. install velero-vsphere plugin
    velero-vsphere install
    --namespace velero
    --image <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero:v1.5.1
    --provider aws
    --plugins <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-plugin-for-aws:v1.1.0,<PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/vsphereveleroplugin-plugin-for-vsphere:v1.3.1
    --bucket velero
    --secret-file s3-credentials
    --snapshot-location-config region=minio
    --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://
    --use-private-registry

Expected behavior

velero-vsphere plugin should be installed with downloading proper images. but failing to access repo with following error:
"Code 400: Image Pull Access Denied. the repository doesn't exist or may require authorization. insufficnent scope: authorization failed."

Troubleshooting Information
the workaround was to tag and upload all velero images to the same directory path under project in the private container registry. for example velero instaead of vsphereveleroplugin
because otherwise installing velero-vsphere plugin fails to authenticate to the embedded harbor.
It seems that velero operator does exact matching the harbor credentials with the given repository url <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero

docker tag vsphereveleroplugin/velero-vsphere-operator:1.1.0 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-vsphere-operator:1.1.0
docker tag vsphereveleroplugin/velero-plugin-for-vsphere:v1.3.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-plugin-for-vsphere:v1.3.1
docker tag vsphereveleroplugin/backup-driver:v1.3.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/backup-driver:v1.3.1
docker tag vsphereveleroplugin/data-manager-for-plugin:v1.3.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/data-manager-for-plugin:v1.3.1
docker tag velero/velero:v1.5.1 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero:v1.5.1
docker tag velero/velero-plugin-for-aws:v1.1.0 <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-plugin-for-aws:v1.1.0

velero-vsphere install
--namespace velero
--image <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero:v1.5.1
--provider aws
--plugins <PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-plugin-for-aws:v1.1.0,<PRIVATE_REGISTRY>/<PROJECT_REPO>/velero/velero-plugin-for-vsphere:v1.3.1
--bucket velero
--secret-file s3-credentials
--snapshot-location-config region=minio
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://
--use-private-registry
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lintongj lintongj

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@myminseok @lintongj