Velero cannot access the same S3 bucket from different EKS clusters


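I have installed velero on two different EKS clusters in the same region. All velero installation configuration is identical: both were installed with the same chart and credentials, and both use the same S3 bucket with the same IAM policy and role.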

However, while velero on cluster-1 works fine, Velero on cluster-2 throws the following errors when taking a backup or restoring one.

I0229 18:28:30.285113       1 request.go:690] Waited for 1.030005747s due to client-side throttling, not priority and fairness, request: GET:https://182.20.0.2:443/apis/admissionregistration.k8s.io/v1?timeout=32s
time="2024-02-29T18:28:30Z" level=error msg="cannot list VolumeSnapshotClass no matches for kind \"VolumeSnapshotClass\" in version \"snapshot.storage.k8s.io/v1\"" backup=velero/lokibu-9 error="no matches for kind \"VolumeSnapshotClass\" in version \"snapshot.storage.k8s.io/v1\"" logSource="internal/volume/volumes_information.go:468"
time="2024-02-29T18:28:31Z" level=error msg="Error uploading log file" backup=lokibu-9 bucket=velero-clusterx error="rpc error: code = Unknown desc = error putting object backups/lokibu-9/lokibu-9-logs.gz: operation error S3: PutObject, https response error StatusCode: 403, RequestID: *****, HostID: *****=, api error AccessDenied: Access Denied" error.file="/go/src/velero-plugin-for-aws/velero-plugin-for-aws/object_store.go:246" error.function="main.(*ObjectStore).PutObject" logSource="pkg/persistence/object_store.go:252" prefix=
time="2024-02-29T18:28:31Z" level=info msg="Initial backup processing complete, moving to Finalizing" backup=velero/lokibu-9 logSource="pkg/controller/backup_controller.go:743"
time="2024-02-29T18:28:31Z" level=error msg="backup failed" backuprequest=velero/lokibu-9 controller=backup error="rpc error: code = Unknown desc = error putting object backups/lokibu-9/velero-backup.json: operation error S3: PutObject, https response error StatusCode: 403, RequestID: *****, HostID: *****=, api error AccessDenied: Access Denied" logSource="pkg/controller/backup_controller.go:288"
time="2024-02-29T18:28:31Z" level=info msg="Updating backup's final status" backuprequest=velero/lokibu-9 controller=backup logSource="pkg/controller/backup_controller.go:307"
time="2024-02-29T18:28:54Z" level=info msg="Validating BackupStorageLocation" backup-storage-location=velero/default controller=backup-storage-location logSource="pkg/controller/backup_storage_location_controller.go:141"
time="2024-02-29T18:28:54Z" level=info msg="BackupStorageLocations is valid, marking as available" backup-storage-location=velero/default controller=backup-storage-location logSource="pkg/controller/backup_storage_location_controller.go:126"

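The main problem appears to be operation error S3: PutObject, https response error StatusCode: 403. This is confusing, because the same bucket with the same policy is accessible from the other cluster. Also, I tried running aws s3 cp loki9-logs.gz s3://velero-clusterx/ manually, and it worked fine.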

So, I am not sure what the problem is here?
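
An added example, not part of the original question: a small parser for the Velero log lines above that extracts each failed S3 call (operation, status, error code, bucket, object key) and records whether the BackupStorageLocation was reported valid. The sample lines are shortened from the excerpt in the question, and the function names are assumptions of this example.

```python
import re

# Constructed sample: lines shortened from the log excerpt in the question.
SAMPLE = r'''
I0229 18:28:30.285113       1 request.go:690] Waited for 1.030005747s due to client-side throttling
time="2024-02-29T18:28:30Z" level=error msg="cannot list VolumeSnapshotClass" backup=velero/lokibu-9 error="no matches for kind \"VolumeSnapshotClass\" in version \"snapshot.storage.k8s.io/v1\""
time="2024-02-29T18:28:31Z" level=error msg="Error uploading log file" backup=lokibu-9 bucket=velero-clusterx error="rpc error: code = Unknown desc = error putting object backups/lokibu-9/lokibu-9-logs.gz: operation error S3: PutObject, https response error StatusCode: 403, RequestID: *****, HostID: *****=, api error AccessDenied: Access Denied" prefix=
time="2024-02-29T18:28:31Z" level=error msg="backup failed" backuprequest=velero/lokibu-9 controller=backup error="rpc error: code = Unknown desc = error putting object backups/lokibu-9/velero-backup.json: operation error S3: PutObject, https response error StatusCode: 403, RequestID: *****, HostID: *****=, api error AccessDenied: Access Denied"
time="2024-02-29T18:28:54Z" level=info msg="BackupStorageLocations is valid, marking as available" backup-storage-location=velero/default controller=backup-storage-location
'''

PAIR = re.compile(r'([\w.\-]+)=("(?:[^"\\]|\\.)*"|\S*)')
S3_ERR = re.compile(r'operation error S3: (\w+), https response error StatusCode: (\d+).*api error (\w+)')
OBJ_KEY = re.compile(r'error putting object (\S+):')

def parse_logfmt(line):
    """Split one key=value log line into a dict, unescaping quoted values."""
    fields = {}
    for key, val in PAIR.findall(line):
        if val.startswith('"'):
            val = re.sub(r'\\(.)', r'\1', val[1:-1])
        fields[key] = val
    return fields

def triage(text):
    """Return the failed S3 calls and whether the storage location validated."""
    denied, bsl_valid = [], False
    for line in text.splitlines():
        if not line.startswith('time='):   # skip klog-style lines (I0229 ...)
            continue
        f = parse_logfmt(line)
        if 'BackupStorageLocations is valid' in f.get('msg', ''):
            bsl_valid = True
        m = S3_ERR.search(f.get('error', ''))
        if f.get('level') == 'error' and m:
            key = OBJ_KEY.search(f['error'])
            denied.append({'time': f['time'], 'op': m.group(1), 'status': int(m.group(2)),
                           'code': m.group(3), 'bucket': f.get('bucket'),
                           'key': key.group(1) if key else None})
    return {'denied': denied, 'bsl_valid': bsl_valid}

if __name__ == '__main__':
    result = triage(SAMPLE)
    for d in result['denied']:
        print(d)
    print('BackupStorageLocation reported valid:', result['bsl_valid'])
```

On the sample it reports two PutObject 403 AccessDenied failures under backups/lokibu-9/, while the log still marks the storage location as valid.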
