Troubleshooting Kubestash

This guide will show you how to troubleshoot some common KubeStash installation issues.

Installing in GKE Cluster

If you are installing KubeStash on a GKE cluster, you will need cluster admin permissions to install KubeStash operator. Run the following command to grant admin permission to the cluster.

$ kubectl create clusterrolebinding "cluster-admin-$(whoami)" \
  --clusterrole=cluster-admin                                 \
  --user="$(gcloud config get-value core/account)"

In addition, if your GKE cluster is a private cluster, you will need to either add an additional firewall rule that allows master nodes access port 8443/tcp on worker nodes, or change the existing rule that allows access to ports 443/tcp and 10250/tcp to also allow access to port 8443/tcp. The procedure to add or modify firewall rules is described in the official GKE documentation for private clusters mentioned before.

Configuring Network Volume Accessor

For network volumes like NFS, KubeStash requires deploying a helper deployment within the same namespace as the BackupStorage. This deployment mounts the NFS volume to access the necessary resources. We call this helper deployment network volume accessor. You can configure its resources, user id, privileged permission etc. To enable the network volume accessor, run the following command:

New Installation

If you haven’t installed KubeStash yet, run the following command to configure the network volume accessor during installation

$ helm install -i kubestash oci://ghcr.io/appscode-charts/kubestash \
--version v2024.9.30 \
--namespace stash --create-namespace \
--set kubestash-operator.netVolAccessor.cpu=200m \
--set kubestash-operator.netVolAccessor.memory=128Mi \
--set kubestash-operator.netVolAccessor.runAsUser=0 \
--set kubestash-operator.netVolAccessor.privileged=true \
--set-file global.license=/path/to/license-file.txt \
--wait --burst-limit=10000 --debug

Existing Installation

If you have installed KubeStash already in your cluster but didn’t configure the network volume accessor, you can use helm upgrade command to configure it in the existing installation.

$ helm upgrade -i kubestash oci://ghcr.io/appscode-charts/kubestash \
--version v2024.9.30 \
--namespace stash --create-namespace \
--set kubestash-operator.netVolAccessor.cpu=200m \
--set kubestash-operator.netVolAccessor.memory=128Mi \
--set kubestash-operator.netVolAccessor.runAsUser=0 \
--set kubestash-operator.netVolAccessor.privileged=true \
--set-file global.license=/path/to/license-file.txt \
--wait --burst-limit=10000 --debug

Detect KubeStash version

To detect KubeStash version, exec into the operator pod and run kubestash version command.

$ POD_NAMESPACE=stash
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=kubestash-operator -o jsonpath={.items[0].metadata.name})
$ kubectl exec $POD_NAME -c operator -n $POD_NAMESPACE -- /kubestash version

Version = v2024.9.30
VersionStrategy = tag
Os = alpine
Arch = amd64
CommitHash = 85b0f16ab1b915633e968aac0ee23f877808ef49
GitBranch = release-0.5
GitTag = v2024.9.30
CommitTimestamp = 2020-08-10T05:24:23

$ kubectl exec -it $POD_NAME -c operator -n $POD_NAMESPACE restic version
restic 0.9.6
compiled with go1.9 on linux/amd64