UNCLASSIFIED - NO CUI

Integrated bb-common

General MR

Summary

  • Replaced static resources with bb-common generated resources
  • Updated scripted test to remove MinIO bucket creation (this is now done in our test-values.yaml)

Relevant logs/screenshots

Before integration:

kubectl get netpol -n velero

NAME                       POD-SELECTOR                                                                                                                                AGE
allow-egress-api           <none>                                                                                                                                      3h11m
allow-egress-minio         <none>                                                                                                                                      3h11m
allow-egress-storage       app.kubernetes.io/instance=velero-velero,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=velero                                    3h11m
allow-in-ns                <none>                                                                                                                                      3h11m
allow-istio                <none>                                                                                                                                      3h11m
allow-scraping             app.kubernetes.io/instance=velero-velero,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=velero,helm.sh/chart=velero-11.3.2-bb.0   3h11m
allow-sidecar-scraping     <none>                                                                                                                                      3h11m
allow-tempo-egress         <none>                                                                                                                                      3h11m
allow-velero-test-script   service.istio.io/canonical-name=velero-script-test                                                                                          3h11m
default-deny               <none>                                                                                                                                      3h11m
egress-dns                 <none>                                                                                                                                      3h11m

kubectl get ap -n velero

NAME                           ACTION   AGE
allow-http-envoy-prom-policy   ALLOW    3h11m
allow-http-policy              ALLOW    3h11m
monitoring-authz-policy        ALLOW    3h11m
tempo-authz-policy             ALLOW    3h11m

kubectl get se -n velero

NAME                               HOSTS                                                                           LOCATION        RESOLUTION   AGE
allow-minio-api-9000-for-velero    ["minio-api.dev.bigbang.mil"]                                                   MESH_EXTERNAL   DNS          3h11m
allow-minio-api-https-for-velero   ["minio-api.dev.bigbang.mil"]                                                   MESH_EXTERNAL   DNS          3h11m
allow-neuvector-for-velero         ["neuvector.dev.bigbang.mil"]                                                   MESH_EXTERNAL   DNS          3h11m
cypress-service-entries-velero     ["registry.npmjs.org","download.cypress.io","cdn.cypress.io","repo1.dso.mil"]   MESH_EXTERNAL   DNS          3h11m

kubectl get pa -n velero

NAME             MODE     AGE
default-velero   STRICT   3h11m

After bb-common Integration:

kubectl get netpol -n velero

NAME                                                                      POD-SELECTOR                                       AGE
allow-egress-api                                                          <none>                                             3h55m
allow-egress-from-velero-to-kubeapi                                       app.kubernetes.io/name=velero                      3m23s
allow-egress-from-velero-to-ns-minio-pod-minio-instance-tcp-port-9000     app.kubernetes.io/name=velero                      3m23s
allow-egress-from-velero-to-ns-tempo-pod-tempo-tcp-port-9411              app.kubernetes.io/name=velero                      3m23s
allow-egress-from-velero-to-storage-subnets                               app.kubernetes.io/name=velero                      3m23s
allow-ingress-to-velero-tcp-port-8085-from-ns-monitoring-pod-prometheus   app.kubernetes.io/name=velero                      3m23s
default-egress-allow-all-in-ns                                            <none>                                             3m23s
default-egress-allow-istiod                                               <none>                                             3m23s
default-egress-allow-kube-dns                                             <none>                                             3m23s
default-egress-deny-all                                                   <none>                                             3m23s
default-ingress-allow-all-in-ns                                           <none>                                             3m23s
default-ingress-allow-prometheus-to-istio-sidecar                         <none>                                             3m23s
default-ingress-deny-all                                                  <none>                                             3m23s

kubectl get ap -n velero

NAME                                                                                                           ACTION   AGE
allow-ingress-to-velero-tcp-port-8085-from-ns-monitoring-with-identity-monitoring-monitoring-kube-prometheus   ALLOW    3m28s
default-authz-allow-all-in-ns                                                                                  ALLOW    3m28s
default-authz-allow-nothing                                                                                             3m28s

kubectl get se -n velero

No resources found in velero namespace. (None were needed)

kubectl get pa -n velero

NAME                MODE     AGE
default-peer-auth   STRICT   3m50s

Backup Storage location is now available by default without the test needing to be run (if using test-values.yaml):

kubectl get bsl -n velero

NAME      PHASE       LAST VALIDATED   AGE   DEFAULT
default   Available   64s              16m   true

velero backup create monitoringbackup --include-namespaces=monitoring

Backup request "monitoringbackup" submitted successfully.
Run `velero backup describe monitoringbackup` or `velero backup logs monitoringbackup` for more details.

velero backup describe monitoringbackup

Name:         monitoringbackup
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  velero.io/resource-timeout=10m0s
              velero.io/source-cluster-k8s-gitversion=v1.34.1+k3s1
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=34

Phase:  Completed


Namespaces:
  Included:  monitoring
  Excluded:  <none>

Resources:
  Included cluster-scoped:    <none>
  Excluded cluster-scoped:    volumesnapshotcontents.snapshot.storage.k8s.io
  Included namespace-scoped:  *
  Excluded namespace-scoped:  volumesnapshots.snapshot.storage.k8s.io

Label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto

TTL:  720h0m0s

CSISnapshotTimeout:    10m0s
ItemOperationTimeout:  4h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2026-01-23 14:37:47 -0600 CST
Completed:  2026-01-23 14:37:49 -0600 CST

Expiration:  2026-02-22 14:37:47 -0600 CST

Total items to be backed up:  426
Items backed up:              426

Velero-Native Snapshots: <none included>

Linked Issue

issue

Upgrade Notices

Velero is now leveraging our bb-common integration for network policies and all Istio-related resources. Please refer to this blog post for additional information on the integration.

Umbrella Branch

bb-common-velero

Edited by Jimmy Bourque
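
An added example (not part of the merge request or the bb-common project): one way to confirm that the regenerated policies still carry an explicit deny-all for both directions, and to list which allow rules apply to every pod in the namespace. It reads the shape of `kubectl get netpol -n velero -o json`; the sample reuses names from the "after" listing with rule bodies constructed for illustration, and `audit` is a hypothetical helper.

```python
import json

# Constructed sample shaped like `kubectl get netpol -n velero -o json`. Names and pod
# selectors follow the "after" listing; rule bodies are assumptions, not cluster output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "default-ingress-deny-all"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
 {"metadata": {"name": "default-egress-deny-all"},
  "spec": {"podSelector": {}, "policyTypes": ["Egress"]}},
 {"metadata": {"name": "default-egress-allow-kube-dns"},
  "spec": {"podSelector": {}, "policyTypes": ["Egress"],
           "egress": [{"ports": [{"port": 53, "protocol": "UDP"}]}]}},
 {"metadata": {"name": "allow-egress-from-velero-to-kubeapi"},
  "spec": {"podSelector": {"matchLabels": {"app.kubernetes.io/name": "velero"}},
           "policyTypes": ["Egress"],
           "egress": [{"ports": [{"port": 6443, "protocol": "TCP"}]}]}}
]}
""")


def selects_all_pods(spec):
    sel = spec.get("podSelector") or {}
    return not sel.get("matchLabels") and not sel.get("matchExpressions")


def policy_types(spec):
    # Kubernetes defaulting: Ingress always, plus Egress if egress rules exist.
    return spec.get("policyTypes") or ["Ingress"] + (["Egress"] if spec.get("egress") else [])


def audit(netpol_list):
    """Return (directions with no explicit deny-all policy, namespace-wide allow policies)."""
    denied, wide_allows = set(), []
    for item in netpol_list["items"]:
        spec, name = item["spec"], item["metadata"]["name"]
        if not selects_all_pods(spec):
            continue  # scoped to specific pods, e.g. app.kubernetes.io/name=velero
        for direction in policy_types(spec):
            if spec.get(direction.lower()):
                wide_allows.append((name, direction))
            else:  # no rules for a listed type: explicit deny-all
                denied.add(direction)
    return sorted({"Ingress", "Egress"} - denied), wide_allows


if __name__ == "__main__":
    missing, wide = audit(SAMPLE)
    print("no explicit deny-all for:", missing or "none", "| namespace-wide allows:", wide)
```

Running the same check against JSON captured before and after the upgrade shows whether any allow rule lost its pod selector in the migration.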