Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No resources should be backed up with non-matching label, but the namespace is backed up #7749

Open
ywk253100 opened this issue Apr 28, 2024 · 1 comment
Open

No resources should be backed up with non-matching label, but the namespace is backed up #7749

ywk253100 opened this issue Apr 28, 2024 · 1 comment
Labels
Area/Filters

Comments

@ywk253100
Copy link
Contributor

Create a backup with velero backup create test11 --include-namespaces default --snapshot-volumes --wait --selector app=etcd0, because the label app=etcd0 doesn't match any resource, there should be no resource in the backup, but the backup contains the namespace resource.

The workload:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: etcd0-pv-claim
spec:
  storageClassName: "default"
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: etcd
    etcd_node: etcd0
  name: etcd0
  annotations:
    "pre.hook.backup.velero.io/container": "etcd0"
    "pre.hook.backup.velero.io/command": "[\"/usr/local/bin/etcd\", \"-h\"]"
spec:
  volumes:
    - name: etcd0-storage
      persistentVolumeClaim:
        claimName: etcd0-pv-claim
  containers:
    - command:
        - /usr/local/bin/etcd
        - --name
        - etcd0
        - --initial-advertise-peer-urls
        - http://etcd0:2380
        - --listen-peer-urls
        - http://0.0.0.0:2380
        - --listen-client-urls
        - http://0.0.0.0:2379
        - --advertise-client-urls
        - http://etcd0:2379
        - --initial-cluster
        - etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
        - --initial-cluster-state
        - new
      image: quay.io/coreos/etcd:latest
      volumeMounts:
        - mountPath: "/etcd0.etcd"
          name: etcd0-storage
      name: etcd0
      ports:
        - containerPort: 2379
          name: client
          protocol: TCP
        - containerPort: 2380
          name: server
          protocol: TCP
  restartPolicy: Always

Describe the backup:

velero backup describe test11 --details
Name:         test11
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  velero.io/resource-timeout=10m0s
              velero.io/source-cluster-k8s-gitversion=v1.28.7+vmware.1
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=28

Phase:  Completed


Namespaces:
  Included:  default
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  app=etcd0

Or label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  true
Snapshot Move Data:          true
Data Mover:                  velero

TTL:  720h0m0s

CSISnapshotTimeout:    10m0s
ItemOperationTimeout:  4h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2024-04-28 08:35:50 +0000 UTC
Completed:  2024-04-28 08:35:51 +0000 UTC

Expiration:  2024-05-28 08:35:50 +0000 UTC

Total items to be backed up:  1
Items backed up:              1

Resource List:
  v1/Namespace:
    - default

Backup Volumes:
  Velero-Native Snapshots: <none included>

  CSI Snapshots: <none included>

  Pod Volume Backups: <none included>

HooksAttempted:  0
HooksFailed:     0

The default namespace:

kubectl get ns default -o yaml
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: "2024-04-26T02:00:45Z"
  labels:
    kubernetes.io/metadata.name: default
  name: default
  resourceVersion: "49"
  uid: 8500642b-916a-4487-a657-d462d7eb85dd
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
@blackpiglet
Copy link
Contributor

blackpiglet commented Apr 29, 2024
edited

The current behavior of the item collector for the namespace resource is the namespaces passed the backup.Spec.NamespaceIncludesExcludes.ShouldInclude check is included in the backup.

Because the backup includes this parameter --include-namespaces default, the default namespace is included into the resource list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area/Filters
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ywk253100 @blackpiglet