Support for multiple set of credentials for VolumeSnapshotLocations #4115
Comments
ywk253100
added
kind/requirement
Needs Product
|
👍🏼 Need this feature ASAP. This seems very important for Disaster recovery reasons. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
Hi @pradeepkchaturvedi. Backing up to multiple subscriptions can currently be achieved with the Azure plugin by ensuring that the credential created can access multiple subscriptions. When creating the Service Principal that Velero will use to interact with Azure, multiple subscriptions can be specified (see step 2 in the docs for creating the service principal). Different VolumeSnapshotLocations can then be created referencing each of the subscriptions that the user wishes to take snapshots in but Velero will only use the single credential. This feature is only available for Azure currently as AWS and GCP don't support taking snapshots in different accounts and Velero does not yet support data movement to different accounts/regions. For other providers, allowing different credentials isn't as valuable as the snapshots are usually tied to the account where the volume exists and Velero will already have a credential to interact with volumes in that account. Do you see a need to support multiple credentials on providers other than Azure? |
|
Hi @zubron Thanks. Yes, currently main challenge is with Azure provider. We did mention option of having service principle created for multiple subscription with customers. There were security concerns for creating service principle with access to many subscriptions specially if there are 100s of Azure subscriptions, for having flexibility to choose any subscription for volume snapshot, service principal needs access to many subscription. I think, portworx plugin also has concept of local or cloud snapshot location for volumes, though I am not sure if it needs different credentials. |
|
Removing the v1.8 milestone per discussion with Eleanor. |
Azure disk supports volume snapshot to different Azure subscription as mentioned in https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/volumesnapshotlocation.md
User wants to schedule backups for a AKS cluster to two different subscriptions with volume snapshot option option. As mentioned https://velero.io/docs/v1.6/locations/#docs only single set of credential supported for volume snapshot.
Like BSL supports specifying a credential at time of backup, user should also able to specify credential for Volume Snapshot.
The text was updated successfully, but these errors were encountered: