Hi,
First time poster so I hope this message is appropriate here.
I am just getting started with Velero. The primary reason that brought me to Velero was to create a sort of 'blue/green' deployment when upgrading Kubernetes.
I have a cluster running on AWS; it is a pure EKS Fargate cluster with no EC2 nodes.
I can successfully back up my cluster. I exclude the Velero namespace and the coredns deployment.
When it comes to restoring the backup into a new cluster, I manually create the cluster from the same (edited) yaml and then create the restore.
After the restore I am faced with two issues.
The first is that although the aws-loadbalancer-controllers are restored, they can't trigger the creation of the ALB. The logs from the pods show:
"error":"WebIdentityErr: failed to retrieve credentials\ncaused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n\tstatus code: 403, request id: 2fd60bad-61c0-4038-8cac-202250f1a1fa"}
The second issue is with the metrics-server. It is restored and running but does not return any data. I dumped to file as many objects as I could, such as service accounts, rolebindings etc., from both the source cluster and the restored cluster and performed a diff against them.
The only difference was aws-loadbalancer-controller-leader-election-rolebinding was missing from the restored cluster. Everything else was identical.
The source cluster and the restored cluster are both in the same VPC with access to the same IAM policies and roles.
Removing both the loadbalancer-controller and metrics-server deployments and then redeploying them resolves the issue.
Could someone please shed some light on why these two deployments don't function correctly on a restore and need to be removed and redeployed?
I am using Velero 1.14 and Kubernetes 1.29.
Many thanks in advance for any assistance.
Patrick