From d615cc6de034e0762d1023e43f8eac1137b596b2 Mon Sep 17 00:00:00 2001 From: ThoTischner Date: Wed, 10 Jul 2019 23:04:39 +0200 Subject: [PATCH] openshift needs namespace annotation for restic to schedule on all nodes (#1629) * openshift needs namespace annotation for restic to schedule on all nodes Signed-off-by: Thomas Tischner --- site/docs/master/restic.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/site/docs/master/restic.md b/site/docs/master/restic.md index 2b37cb2d4..a2901cc06 100644 --- a/site/docs/master/restic.md +++ b/site/docs/master/restic.md @@ -80,6 +80,19 @@ $ oc adm policy add-scc-to-user privileged -z velero -n velero If restic is not running in a privileged mode, it will not be able to access pods volumes within the mounted hostpath directory because of the default enforced SELinux mode configured in the host system level. You can [create a custom SCC](https://docs.openshift.com/container-platform/3.11/admin_guide/manage_scc.html) in order to relax the security in your cluster so that restic pods are allowed to use the hostPath volume plug-in without granting them access to the `privileged` SCC. +By default a userland openshift namespace will not schedule pods on all nodes in the cluster. +To schedule on all nodes the namespace needs an annotation: +``` +oc annotate namespace openshift.io/node-selector="" +``` +This should be done before velero installation. +Or the ds needs to be deleted and recreated: +``` +oc get ds restic -o yaml -n > ds.yaml +oc annotate namespace openshift.io/node-selector="" +oc create -n -f ds.yaml +``` + **Enterprise PKS** You need to enable the `Allow Privileged` option in your plan configuration so that restic is able to mount the hostpath.
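Review bot: The delete-and-recreate block never deletes the daemonset, although the sentence introducing it says the ds "needs to be deleted and recreated". As written, `oc create -n -f ds.yaml` runs while the `restic` daemonset from the `oc get ds restic -o yaml` export still exists. Add an explicit delete step after the export and before the annotate. None of the three added commands names a namespace: `oc annotate namespace openshift.io/node-selector=""` has no namespace argument, and `-n` is followed directly by `>` or `-f`. If a placeholder was intended, write it so that it survives rendering, or use `velero` to match the `-n velero` in the context line at the top of the hunk. In the prose, spell out "daemonset" rather than "ds", and say what the empty `openshift.io/node-selector` value does, so readers understand why it lets restic schedule on all nodes.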