Skip to content

Commit

Permalink
Chery pick changes to release-1.5 (#555)
Browse files Browse the repository at this point in the history 
* Update script.
Signed-off-by: Liping Xue <[email protected]>

Signed-off-by: Liping Xue <[email protected]>

* Add warning message in compatibility table. (#534)

* Add warning message in compatibility table.
Signed-off-by: Liping Xue <[email protected]>

* Address comment from Xing.
Signed-off-by: Liping Xue <[email protected]>

* Update link to vSphere documentation in supervisor-datamgr.md file (#536)

* Update vSphere doc link in supervisor-datamgr.md.
Signed-off-by: Liping Xue <[email protected]>

* Address comment from Xing.
Signed-off-by: Liping Xue <[email protected]>

* Update link to data manager ova. (#537)

Signed-off-by: Liping Xue <[email protected]>

* Fix upload retry. (#532)

Signed-off-by: Liping Xue <[email protected]>

* Update support matrix for Vanilla, WCP and GC. (#538)

Signed-off-by: Liping Xue <[email protected]>

* Update support matrix for WCP.
Signed-off-by: Liping Xue [email protected]

Signed-off-by: Liping Xue <[email protected]>

* Update Snapshot and upload CRD status in doc. (#545)

Signed-off-by: Liping Xue [email protected]

Signed-off-by: Liping Xue <[email protected]>

* Add document on Deploy Velero in Supervisor Cluster with Images from Private Registry. (#543)

Signed-off-by: Liping Xue [email protected]

Signed-off-by: Liping Xue [email protected]
Signed-off-by: Liping Xue <[email protected]>

* Update support matrix for Vanilla. (#548)

Signed-off-by: Liping Xue <[email protected]>

* Bump the golang.org/x/net version to v0.17.0 to address CVEs. (#552)

Signed-off-by: Xun Jiang <[email protected]>
Signed-off-by: Liping Xue <[email protected]>

---------

Signed-off-by: Liping Xue <[email protected]>
Signed-off-by: Liping Xue [email protected]
Signed-off-by: Xun Jiang <[email protected]>
Co-authored-by: Xun Jiang/Bruce Jiang <[email protected]>
  • Loading branch information
@lipingxue @blackpiglet
lipingxue and blackpiglet authored Oct 27, 2023
1 parent 02b3d56 commit 63c38ab
Show file tree
Hide file tree
Showing 34 changed files with 627 additions and 103 deletions.
2 changes: 2 additions & 0 deletions docs/guest.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ This document discusses the velero vSphere plugin installation process in a **Ta

| Velero Plugin for vSphere Version | vSphere Version | Kubernetes Version | vSphere CSI Driver Version | Velero Version | vSphere Plugin Deprecated | vSphere Plugin EOL Date |
|-----------------------------------|--------------------|--------------------|----------------------------|----------------|------------|---------------|
| 1.5.1 | 8.0U1 | 1.24 | Bundled with TKGS | 1.10.2 | No | N/A |
| 1.5.1 | 8.0c | 1.24 | Bundled with TKGS | 1.10.2 | No | N/A |
| 1.4.2 | 8.0 | 1.20-1.23 | Bundled with TKGS | 1.9.2 | No | N/A |
| 1.4.2 | 7.0U3h | 1.22 | Bundled with TKGS | 1.9.2 | No | N/A |
| 1.4.0 | 7.0U1c/P02 - 7.0U3 | 1.19-1.22 | Bundled with TKGS | 1.8.1 | No | N/A |
Expand Down
9 changes: 4 additions & 5 deletions docs/supervisor-datamgr.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,8 @@ In a vSphere with Tanzu environment, the Data Manager should be installed as a V

This document discusses the installation procedure for backup data manager for **Velero plugin for vSphere** with kubernetes.

## Changes with release 1.1.0
## Best Practice

Support of vSphere with Tanzu (Supervisor cluster and TKGS cluster) is being added with the release 1.1.0 release.

- As a best practice, Data Manager VMs should be installed on the vSphere compute cluster where the workload cluster is installed.
- Each Data Manager VM can serve upload/download tasks from a single workload cluster and the TKGS clusters in it.
Expand All @@ -18,7 +17,7 @@ Support of vSphere with Tanzu (Supervisor cluster and TKGS cluster) is being add

It is recommended that the Kubernetes backup/restore traffic be separated from the vSphere management network on a workload cluster. A backup network can be configured as an NSX-T network or traditional TDS network. We can add a VMkernel NIC on each ESXi host in the cluster and set the ```vSphereBackupNFC``` on that NIC. This enables backup network traffic to be sent through that NIC. If the ```vSphereBackupNFC``` is not enabled on the VMkernel NIC, the backup traffic will be sent on the management network.

More details can be found in the [vSphere documentation](https://code.vmware.com/docs/12628/virtual-disk-development-kit-programming-guide/GUID-5D166ED1-7205-4110-8D72-0C51BB63CC3D.html).
More details can be found in the [vSphere documentation](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-networking/GUID-7BC73116-C4A6-411D-8A32-AD5B7A3D5493.html).

Here are some ways to setup a Backup Network with ```vSphereBackupNFC``` tag enabled on a NSX setup.

Expand All @@ -36,7 +35,7 @@ If there is a free physical network adpter on each of the cluster nodes:

## Data Manager Virtual Machine install

The Data Manager Virtual Machine ova can be downloaded from [here](https://vsphere-velero-datamgr.s3-us-west-1.amazonaws.com/datamgr-ob-17253392-photon-3-release-1.1.ova).
The Data Manager Virtual Machine ova can be downloaded from [here](https://github.com/vmware-tanzu/velero-plugin-for-vsphere/releases).

It is recommended to power on the Data manager VM after enabling the velero-vsphere service and installing Velero + vSphere plugin in the Supervisor cluster.

Expand All @@ -48,7 +47,7 @@ It is recommended to power on the Data manager VM after enabling the velero-vsph
- guestinfo.cnsdp.vcPassword
- guestinfo.cnsdp.vcPort
- guestinfo.cnsdp.veleroNamespace
- guestinfo.cnsdp.datamgrImage (if not configured, will use the image from dockerhub vsphereveleroplugin/data-manager-for-plugin:1.1.0)
- guestinfo.cnsdp.datamgrImage
- guestinfo.cnsdp.updateKubectl (default false, to avoid kubectl from wcp master on every VM restart)
3. Power On the Data Manager VM

Expand Down
209 changes: 209 additions & 0 deletions docs/supervisor-deploy-with-image-from-private-registry.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
* [Overview](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-Overview)
* [Manifest](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-Manifest)
* [Deploy Velero Operator](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployVeleroOperator)
* [Add Velero vSphere Operator as a vSphere Service](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-AddVelerovSphereOperatorasavSphereService)
* [Install Velero vSphere Operator on Supervisor Cluster(s)](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-InstallVelerovSphereOperatoronSupervisorCluster(s))
* [Successful Deployment of Velero vSphere Operator](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-SuccessfulDeploymentofVelerovSphereOperator)
* [Deploy Velero Instance](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployVeleroInstance)
* [Deploy Data Manager VM](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployDataManagerVM)
* [Create a Supervisor Namespace for Velero](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-CreateaSupervisorNamespaceforVelero)
* [Configure Permission for Supervisor DevOps](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-ConfigurePermissionforSupervisorDevOps)
* [Deploy Velero and Plugins](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployVeleroandPlugins)
* [Images From the Same Private Registry](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-ImagesFromtheSamePrivateRegistry)
* [Images From Any Public Registry](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-ImagesFromAnyPublicRegistry)
* [Successful Deployment of Velero](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-SuccessfulDeploymentofVelero)
* [vSphere UI](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-vSphereUI)
* [Kubectl CLI](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-KubectlCLI)
* [Reference](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-Reference)

Overview
========

In Air-gapped environment, users usually would like to deploy application from private registry which is protected by registry credential. To meet this requirement, we support deploying Velero in Supervisor Cluster with images from private registry.

Manifest
========

* Velero vSphere operator YAML: [https://vmwaresaas.jfrog.io/ui/api/v1/download?repoKey=Velero-YAML&path=Velero%252FSupervisorService%252F1.0.0%252Fvelero-supervisorservice-1.0.0.yaml](https://vmwaresaas.jfrog.io/ui/api/v1/download?repoKey=Velero-YAML&path=Velero%252FSupervisorService%252F1.0.0%252Fvelero-supervisorservice-1.0.0.yaml)

Note: The following screenshots show the installation using Velero vSphere Operator 1.0.0. If you want to install using the latest Velero vSphere Operator version, refer to this [page](https://github.com/vsphere-tmm/Supervisor-Services/blob/main/README.md#velero-versions).

Deploy Velero Operator
======================

Add Velero vSphere Operator as a vSphere Service
------------------------------------------------

Navigate to Workload Management Services page. Click the botton in red box below to add a new service in vSphere Services. (It can be done by corresponding DCLI command as well)

![](supervisor-private-registry-add-service-1.png)



Upload the Velero vSphere operator YAML mentioned in **Manifest** section above.

![](supervisor-private-registry-add-service-2.png)![](supervisor-private-registry-add-service-3.png)



Install Velero vSphere Operator on Supervisor Cluster(s)
--------------------------------------------------------

Select "Install on Supervisors" as below to install the newly added vSphere Service, Velero vSphere Operator, on Supervisor Cluster(s).

![](supervisor-private-registry-install-velero-operator-1.png)



Provide configuration parameters for install Velero vSphere Operator on Supervisor Clusters.

**Note**: To deploy velero operator with images from private registry, both **registryUsername** and **registryPasswd** are required. Please make sure Velero vSphere Operator image with **Select Version** is available in the registry as specified in the **registryName** field.

![](supervisor-private-registry-install-velero-operator-2.png)

The above screenshot shows how add Key Value Pairs of the registry while installing Velero vSphere Operator on Supervisor Cluster as in vCenter 7. 

In VC 8.0, the option will not show as Key Value Pairs as VC 7.0. Customers can provide those options by entering them in "YAML Service Config", see the following example.

![](supervisor-private-registry-install-velero-operator-3.png)

Successful Deployment of Velero vSphere Operator
------------------------------------------------

After Velero vSphere Operator is installed in Supervisor Cluster, we can see that a new vSphere Service instance for Velero vSphere Operator is added to Supervisor Cluster and its Service Status is in the **Configured** state.

![](supervisor-private-registry-install-velero-operator-4.png)![](supervisor-private-registry-install-velero-operator-5.png)



Meanwhile, we can see Velero vSphere operator is in **Running** status in its own Supervisor namespace (svc-velero-vsphere-domain-c8 in this case).

![](supervisor-private-registry-install-velero-operator-6.png)

That's it for deploying Velero vSphere Operator in Supervisor Cluster with image from private registry.

Deploy Velero Instance
======================

Deploy Data Manager VM
======================

Please refer to [https://github.com/vmware-tanzu/velero-plugin-for-vsphere/blob/main/docs/supervisor-datamgr.md](https://github.com/vmware-tanzu/velero-plugin-for-vsphere/blob/main/docs/supervisor-datamgr.md).

Create a Supervisor Namespace for Velero
----------------------------------------

![](supervisor-private-registry-deploy-data-manager-1.png)

![](supervisor-private-registry-deploy-data-manager-2.png)

Configure Permission for Supervisor DevOps
------------------------------------------

Supervisor DevOps will need EDIT permission to deploy Velero in the Supervisor Namespace. It is **optional** for vSphere Admin.

![](supervisor-private-registry-add-permission-1.png)

![](supervisor-private-registry-add-permission-2.png)

Deploy Velero and Plugins
-------------------------

It is supported to deploy Velero and plugins with images in the following two cases.

### Images From the Same Private Registry

**Note**: To deploy Velero with images from private registry as well, it would only work for images from the same private registry whose credential has been provided while enable Velero vSphere Operator in Supervisor Cluster. Also, the **\--use-private-registry** option in the install command is required.

Below is an example of velero-vsphere install command.

```bash
BUCKET=velero-v1.5.1-backups
REGION=minio
NAMESPACE=velero
S3URL=http://csm-minio.eng.vmware.com

VSPHERE_PLUGIN_IMAGE=harbor-stg-repo.vmware.com/velerovsphereoperator/velero-plugin-for-vsphere:v1.3.1
AWS_PLUGIN_IMAGE=harbor-stg-repo.vmware.com/velerovsphereoperator/velero-plugin-for-aws:v1.1.0
VELERO_IMAGE=harbor-stg-repo.vmware.com/velerovsphereoperator/velero:v1.5.1

# install velero in air-gapped environment
velero-vsphere install \
--namespace $NAMESPACE \
--image $VELERO_IMAGE \
--provider aws \
--plugins $AWS_PLUGIN_IMAGE,$VSPHERE_PLUGIN_IMAGE \
--bucket $BUCKET \
--secret-file ~/.minio/credentials \
--snapshot-location-config region=$REGION \
--backup-location-config region=$REGION,s3ForcePathStyle="true",s3Url=$S3URL \
--use-private-registry # <====== Key Option to deploy Velero with images from private registry
```



Instead, the following two cases would end up with **ImagePullBackOff** error below.

* Deploying velero with images from a different private registry.
* Deploying velero with images from the same private registry, but without using the **\--use-private-registry** option in the install command above.

```bash
0s Warning Failed pod/backup-driver-5c585967c9-dbm76 Failed to pull image "harbor-stg-repo.vmware.com/velerovsphereoperator/backup-driver:v1.3.1": rpc error: code = Unknown desc = failed to pull and unpack image "harbor-stg-repo.vmware.com/velerovsphereoperator/backup-driver:v1.3.1": failed to resolve reference "harbor-stg-repo.vmware.com/velerovsphereoperator/backup-driver:v1.3.1": unexpected status code [manifests v1.3.1]: 401 Unauthorized
```

### Images From Any Public Registry

Alternatively, it is also OK to deploy velero instance with images from any other public registry, even if the Velero vSphere Operator is deployed with images from a private registry.

Below is an example of velero-vsphere install command.

```bash
BUCKET=velero-v1.5.1-backups
REGION=minio
NAMESPACE=velero
S3URL=http://csm-minio.eng.vmware.com

VSPHERE_PLUGIN_IMAGE=harbor-repo.vmware.com/velero/velero-plugin-for-vsphere:v1.3.1
AWS_PLUGIN_IMAGE=harbor-repo.vmware.com/velero/velero-plugin-for-aws:v1.1.0
VELERO_IMAGE=harbor-repo.vmware.com/velero/velero:v1.5.1

# install velero in air-gapped environment
velero-vsphere install \
--namespace $NAMESPACE \
--image $VELERO_IMAGE \
--provider aws \
--plugins $AWS_PLUGIN_IMAGE,$VSPHERE_PLUGIN_IMAGE \
--bucket $BUCKET \
--secret-file ~/.minio/credentials \
--snapshot-location-config region=$REGION \
--backup-location-config region=$REGION,s3ForcePathStyle="true",s3Url=$S3URL
```



Successful Deployment of Velero
-------------------------------

Below are observations from both vSphere UI and CLI when Velero and plugins are deployed on Supervisor Cluster sucessfully.

### vSphere UI

![](supervisor-private-registery-deploy-success.png)

### Kubectl CLI

```bash
$ kubectl -n velero get all
NAME READY STATUS RESTARTS AGE
pod/backup-driver-cb4d96d57-glxfz 1/1 Running 0 4m30s
pod/velero-744cfc7ccc-gn6cn 1/1 Running 0 4m47s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/backup-driver 1/1 1 1 4m30s
deployment.apps/velero 1/1 1 1 4m48s

NAME DESIRED CURRENT READY AGE
replicaset.apps/backup-driver-cb4d96d57 1 1 1 4m30s
replicaset.apps/velero-744cfc7ccc 1 1 1 4m48s
```

Binary file added docs/supervisor-private-registery-deploy-success.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-add-permission-1.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-add-permission-2.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-add-service-1.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-add-service-2.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-add-service-3.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-deploy-data-manager-1.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-deploy-data-manager-2.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-install-velero-operator-1.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-install-velero-operator-2.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-install-velero-operator-3.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-install-velero-operator-4.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-install-velero-operator-5.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/supervisor-private-registry-install-velero-operator-6.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
3 changes: 2 additions & 1 deletion docs/supervisor.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,9 @@

| Velero Plugin for vSphere Version | vSphere Version | Kubernetes Version | vSphere CSI Driver Version | Velero Version | Velero vSphere Operator Version | Data Manager Version | vSphere Plugin Deprecated | vSphere Plugin EOL Date |
|-----------------------------------|---------------------|-------------------------------------------------------------------|----------------------------|----------------|---------------------------------|---------------|------------|---------------|
| 1.5.1 | 8.0U1 | Bundled with vSphere (1.24) | Bundled with vSphere | 1.10.2 | 1.4.0 | 1.2.0 | No | N/A |
| 1.5.1 | 8.0c | Bundled with vSphere (1.24) | Bundled with vSphere | 1.10.2 | 1.4.0 | 1.2.0 | No | N/A |
| 1.4.2 | 8.0 | Bundled with vSphere (1.22-1.23) | Bundled with vSphere | 1.9.2 | 1.3.0 | 1.2.0 | No | N/A |
| 1.4.2 | 7.0U3h | Bundled with vSphere (1.22) | Bundled with vSphere | 1.9.2 | 1.3.0 | 1.2.0 | No | N/A |
| 1.4.0 | 7.0U3e/f/h | Bundled with vSphere (1.22) | Bundled with vSphere | 1.8.1 | 1.2.0 | 1.1.0 | No | N/A |
| 1.3.1 | 7.0U1c/P02 - 7.0U3d | Bundled with vSphere (1.16-1.19, 1.18-1.20, 1.19-1.21) | Bundled with vSphere | 1.5.1 | 1.1.0 | 1.1.0 | No | N/A |
| 1.3.0 | 7.0U1c/P02 - 7.0U3d | Bundled with vSphere (1.16-1.19, 1.18-1.20, 1.19-1.21) | Bundled with vSphere | 1.5.1 | 1.1.0 | 1.1.0 | Yes | December 2022 |
Expand Down
4 changes: 4 additions & 0 deletions docs/vanilla.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@

| Velero Plugin for vSphere Version | vSphere Version | Kubernetes Version | vSphere CSI Driver Version | Velero Version | vSphere Plugin Deprecated | vSphere Plugin EOL Date |
|-----------------------------------|------------------------|--------------------|-----------------------------------|----------------|------------|---------------|
1.5.1 | 8.0U2 | 1.27 | 3.0.1 | 1.11.1 | No | N/A |
1.5.1 | 8.0U1 | 1.26-1.27 | 3.0.1 | 1.10.2, 1.11.1 | No | N/A |
| 1.4.2 | 8.0 | 1.24-1.25 | 2.7.0 | 1.9.2 | No | N/A |
| 1.4.2 | 7.0U3h | 1.24-1.25 | 2.7.0 | 1.9.2 | No | N/A |
| 1.4.1 | 8.0 | 1.24-1.25 | 2.7.0 | 1.9.2 | No | N/A |
Expand Down Expand Up @@ -280,6 +282,7 @@ Snapshot CRD has a number of phases for the `.status.phase` field:
* Canceling: the upload of snapshot is being cancelled
* Canceled: the upload of snapshot is cancelled
* CleanupAfterUploadFailed: the Cleanup of local snapshot after the upload of snapshot was failed
* UploadFailedAfterRetry: the snapshot is failed to be uploaded after retries, and local snapshot is deleted

#### Uploads

Expand Down Expand Up @@ -330,6 +333,7 @@ Upload CRD has a number of phases for the `.status.phase` field:
* CleanupFailed: delete local snapshot failed after the upload, this case will also be retried
* Canceling: upload is being cancelled. It would happen if `velero backup delete` is called while the upload of snapshot is in progress.
* Canceled: upload is cancelled.
* UploadFailedAfterRetry: Upload failed after retries and local snapshot is deleted.

UploadError uploads will be periodically retried. At that point their phase will return to InProgress. After an upload has been
successfully completed, its record will remain for a period of time and eventually be removed.
Expand Down
Loading

0 comments on commit 63c38ab

Please sign in to comment.