3

Installed velero-client v1.1.0 from git.

Installed velero service with the following command

velero install --provider aws --bucket velero --secret-file credentials-velero \
--use-volume-snapshots=false --use-restic --backup-location-config \
region=minio,s3ForcePathStyle="true",s3Url=http://minio.velero.svc:9000,publicUrl=http://<ip:node-port>

And I am getting the following error:

An error occurred: some backup storage locations are invalid: backup store for location "default" is invalid: rpc error: code = Unknown desc = AccessDenied: Access Denied

I want to deploy it on k8s.

Mark Watney
Priyanka

3 Answers

3

This issue was because my AWS access key and secret key were invalid. Later I gave valid credentials, so now it's working fine.

Priyanka
1

The command you are using needs to be populated with actual information from your environment where:

  • --provider aws instructs Velero to utilize S3 storage which is running on-prem, in my case
  • --secret-file is our Minio credentials
  • --use-restic flag ensures Velero knows to deploy restic for persistentvolume backups
  • --s3Url value is the address of the Minio service that is only resolvable from within the Kubernetes cluster
  • --publicUrl value is the IP address for the LoadBalancer service that allows access to the Minio UI from outside of the cluster:

Example:

velero install --provider aws \
    --bucket velero \
    --secret-file credentials-velero \
    --use-volume-snapshots=false \
    --use-restic \
    --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio.velero.svc:9000,publicUrl=http://10.96.59.116:9000

This example is available with more details in this blog post.

Mark Watney
  • Thanks for your response. But I followed the very same thing; in the above command I just replaced the public URL with my IP and the node port of the Minio service which I deployed on k8s. Still I am getting the above error. Could you please tell me if I made any mistake? – Priyanka Nov 26 '19 at 03:16
  • If anyone is aware of this error, could you please help me out with how to solve it? – Priyanka Nov 26 '19 at 11:11
  • Where are you running your kubernetes? AWS, GCP or other? – Mark Watney Nov 27 '19 at 09:24
  • Thank you. I am running a k8s cluster on VMware and I resolved that issue. That issue was because my AWS access key and secret key were invalid. Later I gave valid credentials, so now it's working fine. – Priyanka Nov 28 '19 at 10:53
  • Hello @Priyanka, post this as an answer so if someone has the same problem, they can find your solution. – Mark Watney Nov 28 '19 at 10:58
0

I had a similar concern as well. The credentials were valid but the IAM policy that was assigned to the velero user was not valid.

Here's how I fixed it:

IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
              "s3:PutObject",
              "s3:GetObject",
              "s3:ListBucketMultipartUploads",
              "s3:AbortMultipartUpload",
              "s3:ListBucket",
              "s3:DeleteObject",
              "s3:GetBucketPolicy"
          ],
          "Resource": "arn:aws:s3:::promise-gitlab-*"
      }
  ]
}

Credentials file

[default]
aws_access_key_id = AKIA2Q4N3HXBZ72AB752
aws_secret_access_key = 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

You can test to be sure that the credentials are valid by using the command below:

aws s3 ls s3://s3-bucket-name --recursive --human-readable --summarize --profile default

Finally, install velero:

BUCKET=my-s3-bucket-name
REGION=eu-west-1

velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:latest \
  --bucket $BUCKET \
  --secret-file ./s3-credentials \
  --backup-location-config region=$REGION \
  --snapshot-location-config region=$REGION \
  --use-restic
Promise Preston
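
An added example (not part of the original answer, and not Velero or AWS code): a simplified offline check of whether an IAM policy document allows the S3 actions listed in the policy above on both the bucket ARN and an object ARN, the case where valid keys still return AccessDenied. The bucket names, the sample object key and the function `missing_permissions` are assumptions made for illustration.

```python
import re

# Actions taken from the IAM policy in the answer above, grouped by the
# resource type S3 evaluates them against (bucket ARN vs. object ARN).
BUCKET_ACTIONS = ["s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:GetBucketPolicy"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"]
ALL_ACTIONS = BUCKET_ACTIONS + OBJECT_ACTIONS

def _wild(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.S | (re.I if ignore_case else 0)) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def missing_permissions(policy, bucket):
    """Return sorted (action, arn) pairs that no Allow statement covers.
    Simplified: ignores Deny, NotAction/NotResource and Condition."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/backups/example"  # constructed sample key
    needed = [(a, bucket_arn) for a in BUCKET_ACTIONS]
    needed += [(a, object_arn) for a in OBJECT_ACTIONS]
    allows = [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]

    def covered(action, arn):
        return any(
            any(_wild(p, action, True) for p in _as_list(s.get("Action", [])))
            and any(_wild(p, arn) for p in _as_list(s.get("Resource", [])))
            for s in allows
        )
    return sorted(pair for pair in needed if not covered(*pair))

# The policy from the answer: one wildcard Resource covering bucket and objects.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ALL_ACTIONS,
    "Resource": "arn:aws:s3:::promise-gitlab-*"}]}

# Constructed counter-example: same actions, but Resource names only the objects.
OBJECTS_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ALL_ACTIONS,
    "Resource": "arn:aws:s3:::velero/*"}]}

if __name__ == "__main__":
    for name, pol, bucket in [("page policy", PAGE_POLICY, "promise-gitlab-backups"),
                              ("objects-only", OBJECTS_ONLY_POLICY, "velero")]:
        gaps = missing_permissions(pol, bucket)
        print(name, "->", "OK" if not gaps else gaps)
```

An empty result means every listed action is allowed on the ARN it applies to; the objects-only policy leaves the bucket-level actions uncovered, so a listing such as the `aws s3 ls` test above is denied even though the keys are valid.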