$ oc annotate --overwrite namespace/openshift-adp volsync.backube/privileged-movers='true'
The release notes for OpenShift API for Data Protection (OADP) 1.1 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
The OpenShift API for Data Protection (OADP) 1.1.8 release notes lists any known issues. There are no resolved issues in this release.
For a complete list of all known issues in OADP 1.1.8, see the list of OADP 1.1.8 known issues in Jira.
The OADP 1.1.7 release notes lists any resolved issues and known issues.
The following highlighted issues are resolved in OADP 1.1.7:
In previous releases of OADP 1.1, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following Jira list.
For more information, see CVE-2023-39325 (Rapid Reset Attack).
For a complete list of all issues resolved in the release of OADP 1.1.7, see the list of OADP 1.1.7 resolved issues in Jira.
The OADP 1.1.6 release notes lists any new features, resolved issues and bugs, and known issues.
OCP 4.14 introduced pod security standards that meant the privileged
profile is enforced
. In previous releases of OADP, this profile caused the pod to receive permission denied
errors. This issue was caused because of the restore order. The pod was created before the security context constraints (scc) resource. As this pod violated the pod security standard, the pod was denied and subsequently failed. OADP-2420
In previous releases of OADP, the restore of job resource was partially failing in OCP 4.14. This issue was not seen in older OCP versions. The issue was caused by an additional label being to the job resource, which was not present in older OCP versions. OADP-2530
For a complete list of all issues resolved in this release, see the list of OADP 1.1.6 resolved issues in Jira.
For a complete list of all known issues in this release, see the list of OADP 1.1.6 known issues in Jira.
The OADP 1.1.5 release notes lists any new features, resolved issues and bugs, and known issues.
For a complete list of all issues resolved in this release, see the list of OADP 1.1.5 resolved issues in Jira.
For a complete list of all known issues in this release, see the list of OADP 1.1.5 known issues in Jira.
The OADP 1.1.4 release notes lists any new features, resolved issues and bugs, and known issues.
In previous releases of OADP, OADP did not facilitate the support of all the upstream Velero server arguments. This issue has been resolved in OADP 1.1.4 and all the upstream Velero server arguments are supported. OADP-1557
In previous releases of OADP, OADP Data Mover could restore from an incorrect snapshot if there was more than one Volume Snapshot Restore (VSR) resource in the cluster for the same Velero restore
name and PersistentVolumeClaim (pvc) name. OADP-1822
In previous releases of OADP, ACM BackupSchedules failed validation because of a missing OwnerReference
on Backup Storage Locations (BSLs) created with dpa.spec.backupLocations.bucket
. OADP-1511
For a complete list of all issues resolved in this release, see the list of OADP 1.1.4 resolved issues in Jira.
This release has the following known issues:
OADP backups might fail because a UID/GID range might have changed on the cluster where the application has been restored, with the result that OADP does not back up and restore OKD UID/GID range metadata. To avoid the issue, if the backed application requires a specific UUID, ensure the range is available when restored. An additional workaround is to allow OADP to create the namespace in the restore operation.
A restoration might fail if ArgoCD is used during the process due to a label used by ArgoCD, app.kubernetes.io/instance
. This label identifies which resources ArgoCD needs to manage, which can create a conflict with OADP’s procedure for managing resources on restoration. To work around this issue, set .spec.resourceTrackingMethod
on the ArgoCD YAML to annotation+label
or annotation
. If the issue continues to persist, then disable ArgoCD before beginning to restore, and enable it again when restoration is finished.
Velero plugins are started as separate processes. When the Velero operation has completed, either successfully or not, they exit. Therefore if you see a received EOF, stopping recv loop
messages in debug logs, it does not mean an error occurred. The message indicates that a plugin operation has completed. OADP-2176
For a complete list of all known issues in this release, see the list of OADP 1.1.4 known issues in Jira.
The OADP 1.1.3 release notes lists any new features, resolved issues and bugs, and known issues.
For a complete list of all issues resolved in this release, see the list of OADP 1.1.3 resolved issues in Jira.
For a complete list of all known issues in this release, see the list of OADP 1.1.3 known issues in Jira.
The OADP 1.1.2 release notes include product recommendations, a list of fixed bugs and descriptions of known issues.
To prepare for the upgrade from VolSync 0.5.1 to the latest version available from the VolSync stable channel, you must add this annotation in the openshift-adp
namespace by running the following command:
$ oc annotate --overwrite namespace/openshift-adp volsync.backube/privileged-movers='true'
In this release, Velero has been upgraded from version 1.9.2 to version 1.9.5.
In this release, Restic has been upgraded from version 0.13.1 to version 0.14.0.
This release has the following known issues:
OADP currently does not support backup and restore of AWS EFS volumes using restic in Velero (OADP-778).
CSI backups might fail due to a Ceph limitation of VolumeSnapshotContent
snapshots per PVC.
You can create many snapshots of the same persistent volume claim (PVC) but cannot schedule periodic creation of snapshots:
For more information, see Volume Snapshots.
The OADP 1.1.1 release notes include product recommendations and descriptions of known issues.
Before you install OADP 1.1.1, it is recommended to either install VolSync 0.5.1 or to upgrade to it.
This release has the following known issues:
Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following Jira list.
It is advised to upgrade to OADP 1.1.7 or 1.2.3, which resolve this issue.
For more information, see CVE-2023-39325 (Rapid Reset Attack).
OADP currently does not support backup and restore of AWS EFS volumes using restic in Velero (OADP-778).
CSI backups might fail due to a Ceph limitation of VolumeSnapshotContent
snapshots per PVC.
You can create many snapshots of the same persistent volume claim (PVC) but cannot schedule periodic creation of snapshots:
For CephFS, you can create up to 100 snapshots per PVC.
For RADOS Block Device (RBD), you can create up to 512 snapshots for each PVC. (OADP-804) and (OADP-975)
For more information, see Volume Snapshots.