UNCLASSIFIED - NO CUI

Skip to content

Add Required Volumes for Kopia Integration with Velero

Joshua Holt requested to merge holt-kopia-integration into main

Overview

These Changes are to support Velero's integration with Kopia. The Velero project is slowly moving away from restic to kopia for the file storage solution. On F35, we use EFS for a couple different applications and there is a known issue with being able to restore EFS volumes using Restic. Kopia does not have that same issue so I started testing Kopia with the bigbang deployment of velero.

There are two issues with the current BigBang Velero deployment:

  1. The velero container runs as nobody for the deployment. Kopia creates cache folders locally when running a backup or restore and the container does not have the permissions to create those folders as it runs as "nobody". Kopia tried to create two folders during a backup but it failed due to permission denied errors.

  2. The node-agent DaemonSet runs as root but does not have permissions to create the cache folders. Kopia also tried to create two folders in the node-agent container during a backup but it failed due to permission denied errors.

Changes

To fix this issue, I added both the required folders as emptyDir volumes and mounted them into the velero container in the Deployment and in the DaemonSet with the permissions set. This allowed the kopia process to create the cache and repo files as required in the container.

Tested

using this configuration applied to the helmchart, we were able to use Kopia to backup and restore an EFS Volume of Jira successfully.

Merge request reports