Skip to main content
  • EN

Hi guys,

I can't complete the backup, it crashes on “Snapshotting Application Components” with the following error:

cause:
  cause:
    cause:
      message: "Failed to get volume, volumeID:
        /subscriptions/001a419c-366c-471a-a548-d814ac32a7d5/resourceGroups/mc_r\
        g.hcl_aks01-hcl-uat_westeurope/providers/Microsoft.Compute/disks/kubern\
        etes-dynamic-pvc-8ece68f1-6f95-4c9b-b92d-9bd1052baa47:
        azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token
        for request to
        https://management.azure.com/subscriptions/001a419c-366c-471a-a548-d814\
        ac32a7d5/resourceGroups/mc_rg.hcl_aks01-hcl-uat_westeurope/providers/Mi\
        crosoft.Compute/disks/kubernetes-dynamic-pvc-8ece68f1-6f95-4c9b-b92d-9b\
        d1052baa47?api-version=2019-03-01: StatusCode=401 -- Original Error:
        adal: Refresh request failed. Status Code = '401'. Response body:
        {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000215:
        Invalid client secret provided. Ensure the secret being sent in the
        request is the client secret value, not the client secret ID, for a
        secret added to app 'f3584796-8cf1-4b98-8430-24ade5bc9e2a'.\\r\\nTrace
        ID: 6a3db7cd-fa82-47ba-a928-e27a68162400\\r\\nCorrelation ID:
        32d17ec2-06c5-4e05-9619-313009da86fc\\r\\nTimestamp: 2022-03-28
        08:32:37Z\",\"error_codes\":a7000215],\"timestamp\":\"2022-03-28
        08:32:37Z\",\"trace_id\":\"6a3db7cd-fa82-47ba-a928-e27a68162400\",\"cor\
        relation_id\":\"32d17ec2-06c5-4e05-9619-313009da86fc\",\"error_uri\":\"\
        https://login.microsoftonline.com/error?code=7000215\"} Endpoint
        https://login.microsoftonline.com/85085aac-cf92-4eeb-a7d5-2dfefbfeee74/\
        oauth2/token?api-version=1.0"
    fields:
      - name: VolumeID
        value: /subscriptions/001a419c-366c-471a-a548-d814ac32a7d5/resourceGroups/mc_rg.hcl_aks01-hcl-uat_westeurope/providers/Microsoft.Compute/disks/kubernetes-dynamic-pvc-8ece68f1-6f95-4c9b-b92d-9bd1052baa47
    file: kasten.io/k10/kio/exec/phases/phase/snapshot.go:535
    function: kasten.io/k10/kio/exec/phases/phase.ProviderSnapshot
    linenumber: 535
    message: Volume unavailable
  fields:
    - name: appName
      value: ***qaauthsearch-app-master
    - name: appType
      value: deployment
    - name: namespace
      value: commerce
  file: kasten.io/k10/kio/exec/phases/backup/snapshot_data_phase.go:612
  function: kasten.io/k10/kio/exec/phases/backup.basicVolumeSnapshot
  linenumber: 612
  message: Failed to snapshot volumes
message: Job failed to be executed
fields: o]

I ask for help from those who are more experienced, thanks in advance.

Hello 

Did you double check that in the response error message ?

 Response body:
        {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000215:
        Invalid client secret provided. Ensure the secret being sent in the
        request is the client secret value, not the client secret ID, for a
        secret added to app 'f3584796-8cf1-4b98-8430-24ade5bc9e2a'.\\r\\nTrace
        ID: 6a3db7cd-fa82-47ba-a928-e27a68162400

Hi Michael thanks for reply,

I had seen that the problem was the client secret id but how should I configure Kasten if the Kubernetes cluster uses Managed Identity (User Assigned) kubelet, secretless?

Hello

I just want to respond back to the message above, but at this time, K10 does not support Managed Identity in Azure. At this time, we only support Service Principle. This is likely to explain the error above.

 

Thanks

Emmanuel

Hi everybody,
I have overcome the previous problem, creating an Azure App Registrations but I keep getting an error on the same policy, now the message is this:
causes:
  causes:
    causes:
      causes:
        message: resource name may not be empty
      fields:
        - name: scName
          value: ""
      file: kasten.io/k10/kio/exec/phases/phase/snapshot.go:693
      function: kasten.io/k10/kio/exec/phases/phase.ForceGVSOnStorageClass
      linenumber: 693
      message: Could not get storageclass
    file: kasten.io/k10/kio/exec/phases/phase/snapshot.go:217
    function: kasten.io/k10/kio/exec/phases/phase.FetchSnapshotSession
    linenumber: 217
    message: Failed to determine if PVC requires a GenericVolumeSnapshot
  file: kasten.io/k10/kio/exec/phases/backup/snapshot_data_phase.go:106
  function: kasten.io/k10/kio/exec/phases/backup.(*SnapshotDataPhase).Run
  linenumber: 106
  message: Failed to fetch the snapshot session
message: Job failed to be executed
fields: e]

what am I still wrong?

 

Now the problem is in preflight check: CSI Provisioner doesn't have VolumeSnapshotClass -Error

reading on some blogs I should add these parameters to my configuration:
apiVersion: snapshot.storage.k8s.io/v1beta1
driver: hostpath.csi.k8s.io
kind: VolumeSnapshotClass
metadata:
annotations: k10.kasten.io/is-snapshot-class: "true"
name: csi-hostpath-snapclass

but what commands should I use?

 

I find the method for add previous parameters but the policy keeps returning the error from the previous post.

Hello,

 

Could you please provide the results of the commands below.

 

kubectl get sc

kubectl get volumesnapshotclass

kubectl get csidrivers

 

Thanks

Emmanuel

Hi,

thanks!!

this is last error:

 

UPDATE:

We got to the nature of the problem!

“pim-share-uat-pvc” is a static PVC whitout storageclass.

Can Kasten take static PVC snapshots?

Thanks

 

Hello ebsglobal,

Is this PVC bound to any pods?

Thanks

Emmanuel

Comment


Terms & Conditions