我正在尝试为多个AWS区域的多个集群设置velero,虽然我使用Github Actions并在两个不同的vm中运行备份,但us-east-1的EKS集群正在进行备份,没有任何问题,但ap-southeast-2的集群没有。下面是我使用的velero安装命令,它正在安装,没有任何问题,但是ap-southeast-2集群的备份失败,并且在pod日志中得到以下错误。
velero install
--provider aws
--plugins velero/velero-plugin-for-aws:v1.0.1
--no-secret
--bucket $VELERO_BUCKET
--backup-location-config region=$AWS_REGION
--snapshot-location-config region=$AWS_REGION
日志:
time="2021-08-02T13:57:30Z" level=info msg="Checking existence of namespace" logSource="pkg/cmd/server/server.go:337" namespace=velero
time="2021-08-02T13:57:30Z" level=info msg="Namespace exists" logSource="pkg/cmd/server/server.go:343" namespace=velero
time="2021-08-02T13:57:33Z" level=info msg="Checking existence of Velero custom resource definitions" logSource="pkg/cmd/server/server.go:372"
time="2021-08-02T13:57:37Z" level=info msg="All Velero custom resource definitions exist" logSource="pkg/cmd/server/server.go:406"
time="2021-08-02T13:57:37Z" level=info msg="Checking that all backup storage locations are valid" logSource="pkg/cmd/server/server.go:413"
An error occurred: some backup storage locations are invalid: backup store for location "default" is invalid: rpc error: code = Unknown desc = AccessDenied: Access Denied
status code: 403, request id: 1HE7G5DSTZ52KTZW, host id: z65l7EaF66KuZmIxYwWiysO2FaSU4udT39HmajfMii0wXxx6V4I3IoQ7RFwGQSPQAJBqCHcTPME=
注意:我有两个桶,一个在us-east-1中用于该地区的集群,一个在ap-东南-1中用于悉尼地区的集群,两者都是公共的。
所以通过创建creds.json并在安装velero时引用该文件来修复它。no-secrets适用于us-east-1,但不适用于其他地区。