Clarify thirdparty label/annotations on the maintenance jobs (#8930)

* Clarify thirdparty label/annotations on the maintenance jobs

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

* Clarify that maintenance jobs do not inherit all labels/annotations

- Address PR review feedback and issue #8974
- Make it explicit that only specific predefined third-party labels and annotations are propagated
- Add Important note to prevent user confusion about label/annotation inheritance behavior
- Currently only azure.workload.identity/use label and iam.amazonaws.com/role annotation are inherited

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

---------

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
Co-authored-by: Xun Jiang/Bruce Jiang <59276555+blackpiglet@users.noreply.github.com>
Author: Tiger Kaovilai
Date: 2025-07-09 21:58:38 -04:00
Committed by: GitHub
Parent: 5c0cb58f6a
Commit: 4f06b6e1af
2 changed files with 36 additions and 2 deletions

@@ -155,9 +155,26 @@ Status:
- `Recent Maintenance` keeps the status of the recent 3 maintenance jobs, including its start time, result (succeeded/failed), completion time (if the maintenance job succeeded), or error message (if the maintenance failed)
### Others
Maintenance jobs will inherit the labels, annotations, toleration, nodeSelector, service account, image, environment variables, cloud-credentials etc. from Velero deployment.
Maintenance jobs will inherit toleration, nodeSelector, service account, image, environment variables, cloud-credentials etc. from Velero deployment.
For labels and annotations, maintenance jobs do NOT inherit all labels and annotations from the Velero deployment. Instead, they include:
**Labels:**
* `velero.io/repo-name: <repository-name>` - automatically added to identify which repository they are maintaining
* Only specific [third-party labels][4] from the Velero server deployment that are in the predefined list, currently limited to:
* `azure.workload.identity/use`
**Annotations:**
* Only specific [third-party annotations][5] from the Velero server deployment that are in the predefined list, currently limited to:
* `iam.amazonaws.com/role`
**Important:** Other labels and annotations from the Velero deployment are NOT inherited by maintenance jobs. This is by design to ensure only specific labels and annotations required for cloud provider identity systems are propagated.
Maintenance jobs will not run for backup repositories whose backup storage location is set as readOnly.
[1]: velero-install.md#usage
[2]: node-agent-concurrency.md
[3]: backup-repository-configuration.md#full-maintenance-interval-customization
[4]: https://github.com/vmware-tanzu/velero/blob/d5a2e7e6b9512e8ba52ec269ed5ce9a0fa23548c/pkg/util/third_party.go#L19-L21
[5]: https://github.com/vmware-tanzu/velero/blob/d5a2e7e6b9512e8ba52ec269ed5ce9a0fa23548c/pkg/util/third_party.go#L23-L25
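Review bot: the new Labels/Annotations bullets state the inherited set is "currently limited to" `azure.workload.identity/use` and `iam.amazonaws.com/role`, while links [4] and [5] pin to fixed line ranges (#L19-L21, #L23-L25) of third_party.go at commit d5a2e7e6b9512e8ba52ec269ed5ce9a0fa23548c; when the allowlist in code grows, both the prose and the pinned line ranges go stale without any signal to the reader. Suggest adding that the linked source is the authoritative list and that the two names reflect the list as of this change. One more sentence would help users reason about identity: since the service account is still inherited ("Maintenance jobs will inherit toleration, nodeSelector, service account, ..."), identity bound through the service account object carries over regardless of this allowlist, and only pod-level label/annotation-driven identity mechanisms depend on it. The narrow allowlist is the right least-privilege default, so the Important note could say so positively instead of reading only as a caveat.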

@@ -155,9 +155,26 @@ Status:
- `Recent Maintenance` keeps the status of the recent 3 maintenance jobs, including its start time, result (succeeded/failed), completion time (if the maintenance job succeeded), or error message (if the maintenance failed)
### Others
Maintenance jobs will inherit the labels, annotations, toleration, nodeSelector, service account, image, environment variables, cloud-credentials etc. from Velero deployment.
Maintenance jobs will inherit toleration, nodeSelector, service account, image, environment variables, cloud-credentials etc. from Velero deployment.
For labels and annotations, maintenance jobs do NOT inherit all labels and annotations from the Velero deployment. Instead, they include:
**Labels:**
* `velero.io/repo-name: <repository-name>` - automatically added to identify which repository they are maintaining
* Only specific [third-party labels][4] from the Velero server deployment that are in the predefined list, currently limited to:
* `azure.workload.identity/use`
**Annotations:**
* Only specific [third-party annotations][5] from the Velero server deployment that are in the predefined list, currently limited to:
* `iam.amazonaws.com/role`
**Important:** Other labels and annotations from the Velero deployment are NOT inherited by maintenance jobs. This is by design to ensure only specific labels and annotations required for cloud provider identity systems are propagated.
Maintenance jobs will not run for backup repositories whose backup storage location is set as readOnly.
[1]: velero-install.md#usage
[2]: node-agent-concurrency.md
[3]: backup-repository-configuration.md#full-maintenance-interval-customization
[4]: https://github.com/vmware-tanzu/velero/blob/d5a2e7e6b9512e8ba52ec269ed5ce9a0fa23548c/pkg/util/third_party.go#L19-L21
[5]: https://github.com/vmware-tanzu/velero/blob/d5a2e7e6b9512e8ba52ec269ed5ce9a0fa23548c/pkg/util/third_party.go#L23-L25
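Review bot: this hunk is word-for-word identical to the first file's hunk and the file header is not visible on the page, so it is unclear which docs copy (main vs. a versioned set) each serves; whichever it is, the two copies need to be updated together whenever the third_party.go allowlist or the pinned links [4]/[5] change, otherwise one version will document a different inherited set than the other. Markdown check: `azure.workload.identity/use` and `iam.amazonaws.com/role` are meant as sub-items of the "currently limited to:" bullets, so confirm they are indented under them and do not render as peers of the "Only specific ..." lines.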