missing harvesterconfig secrets

[ibrokethecloud]

the default resource set created by the backup-restore operator is not backing up the ^harvesterconfig$ secrets in fleet-local namespace.

This is causing issues for users restoring rancher managing harvester based downstream clusters.

[MKlimuszka]

@eliyamlevy , is this similar to #163 ?

[eliyamlevy]

Could be. Could also be related to this issue. Need more info, are there any errors we can use or is it simply not backing up the secrets.

[ibrokethecloud]

based on the default resource set we are not backing up secrets matching ^harvesterconfig in fleet-local namespace

[eliyamlevy]

We have an open pr for this issue.

link

[nickwsuse]

Verified on v2.7.2-rc1

I tried to install the Harvester charts to generate a harvesterconfig secret, but was unable to successfully install either of them. Since the fix seems to be a pretty simple regex change to include secrets named harvesterconfig it seems I can just manually create a secret with that name and still test this change.

1. Manually created an opaque secret named harvesterconfig in the fleet-default namespace
2. Took a backup named harvesterconfig-secret-yes
3. Deleted the harvesterconfig secret created in step 1
4. Created a restore using the backup created in step 2
5. After the restore was complete, I checked to see if the harvesterconfig secret was present

The secret was indeed present, so it seems like this fix is working as expected.

[Martin-Weiss]

Did you test the rancher restore into a fresh cluster with this backup? Or restore after deletion of the harvester credentials?
In my manual testes - the restore of this object failed for some reason - I can re-apply the secret via yaml but when I check it is not there after this. Something seems to delete it automatically… not sure what is going wrong, here…

[nickwsuse]

I don't currently have a way to get actual harvester secrets to test this with, but with a manually created opaque secret named harvesterconfig it appeared on both a local restore (same cluster) after deleting the secret I created, and after doing a migration to a new cluster and using the backup created with the secret on the new cluster.

[Martin-Weiss]

In case I customize the secret during restore and removing these attributes it works for me as well:

diff harvester-cloud-provider-config-564nf.yaml harvester-cloud-provider-config-564nf-2.yaml
8,9d7
<   creationTimestamp: "2023-01-19T10:14:10Z"
<   generateName: harvester-cloud-provider-config-
14,20d11
<   ownerReferences:
<   - apiVersion: provisioning.cattle.io/v1
<     kind: Cluster
<     name: staging
<     uid: 1b3f629c-7938-48d4-9d92-cc86dca8caa5
<   resourceVersion: "30683707"
<   uid: 7e4fdef9-a311-47a8-9110-f0ce4e2f53c0

but in case I leave these attributes in - the restore of the object from yaml does not work / the object gets automatically deleted right after kubectl apply -f <harvester-cloud-provider-config-xxx.yaml>