AWS s3 backups with service account: "ERROR Storage credentials secret does not exist"

Luis_Pabon · May 14, 2024, 11:32am

Description:

When configuring backups to s3 using a service account, operator’s logs are inundated with the following error:

2024-05-14T11:23:36.247Z	ERROR	Storage credentials secret does not exist	{"controller": "psmdb-controller", "object": {"name":"mongodb-replicaset","namespace":"mongodb"}, "namespace": "mongodb", "name": "mongodb-replicaset", "reconcileID": "2524bb4f-899f-4b64-8724-e4978886ce43", "secret": ""}
github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).updatePITR
	/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/backup.go:395
github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb.(*ReconcilePerconaServerMongoDB).Reconcile
	/go/src/github.com/percona/percona-server-mongodb-operator/pkg/controller/perconaservermongodb/psmdb_controller.go:558
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.1/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.1/pkg/internal/controller/controller.go:316
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.1/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.1/pkg/internal/controller/controller.go:227

Steps to Reproduce:

---
apiVersion: psmdb.percona.com/v1
kind: PerconaServerMongoDB
metadata:
  name: my-database
spec:
  image: "percona/percona-server-mongodb:6.0.9-7"
  imagePullPolicy: "Always"

  updateStrategy: SmartUpdate

  replsets:
    - name: my-replset

  backup:
    enabled: true
    image: "percona/percona-backup-mongodb:2.4.1"

    serviceAccountName: my-service-account

    tasks:
      - name: once_daily
        enabled: true
        schedule: "3 0 * * *"
        storageName: s3-london

    storages:
      s3-london:
        type: s3
        s3:
          region: eu-west-2
          bucket: my-bucket
          prefix: mongodb

Version:

operator: 1.15.0
mongo: 6.0.9-7
pbm: 2.4.1
kubernetes 1.27
AWS EKS

Expected Result:

No errors, since we’re using a service account we don’t need aws credentials in a secret.

Actual Result:

Errors galore on the log. PBM works correctly, however.

Additional Information:

n/a

Topic		Replies	Views
When operator deletes the backup, an error occurs because the S3 Credential Secret is missing Percona Operator for MongoDB percona , mongodb , psmdb-operator , pbm	1	337	March 20, 2024
All Backups Error Percona Operator for MongoDB	4	1130	March 21, 2022
Issues with operator backup to S3 Percona Operator for MongoDB	7	1094	June 8, 2023
Backup task used wrong sa ?! Percona Operator for MongoDB	1	581	January 30, 2022
ERROR with storage: storage check failed with: get S3 object header: RequestError: send request failed Percona Operator for MongoDB percona , mongodb	8	1937	May 13, 2021