Added the known issues to a newly created file, FAQ.md

[lintongj]

Added the known issues to a newly created file, FAQ.md

Note: I didn't include the changelog and the result of Precheckin test run since it is not a feature related change.

[ChrisJLittle]

I saw this "To use the plugin v1.0.0 in a TKG cluster, the secret of vSphere CSI credential, i.e., csi-vsphere-config, need to be renamed to, vsphere-config-secret." in the FAQ and am concerned that this would break TKG functionality. I think that the correct approach would be to create a new secret named vsphere-config-secret with similar content.

I found that the formatting in csi-vsphere-config does not use quotes for many items and this is expected by the vsphere plugin. Also, there is no port parameter in the csi-vsphere-config secret and needs to be added to vsphere-config-secret.

[lintongj]

I saw this "To use the plugin v1.0.0 in a TKG cluster, the secret of vSphere CSI credential, i.e., csi-vsphere-config, need to be renamed to, vsphere-config-secret." in the FAQ and am concerned that this would break TKG functionality. I think that the correct approach would be to create a new secret named vsphere-config-secret with similar content.

Thanks for the review. I just reword the item in FAQ.

I found that the formatting in csi-vsphere-config does not use quotes for many items and this is expected by the vsphere plugin. Also, there is no port parameter in the csi-vsphere-config secret and needs to be added to vsphere-config-secret.

There is port param in the csi-vsphere.conf of csi-vsphere-config, as you mentioned in the issue #63.

ubuntu@cli-vm:~/velero$ cat csi-vsphere.conf
[Global]
insecure-flag = "true"
cluster-id = "default/vsan-cluster"

[VirtualCenter "vcsa-01a.corp.local"]
port = "443"                                       <========
user = "administrator@corp.local"
password = "VMware1!"
datacenters = "RegionA01"

[Network]
public-network = "DSwitch-Management"`

if there is no port specified in some of your TKG clusters, then for the v1.0.0 you are supposed to manually provide the field port = "443" in the csi-vsphere.conf of the secret.

Here is an example of vsphere-config-secret in Vanilla k8s cluster.

apiVersion: v1
data:
  csi-vsphere.conf: <Encoded Data>
kind: Secret
metadata:
  creationTimestamp: "2020-03-26T16:48:47Z"
  name: vsphere-config-secret
  namespace: kube-system
  resourceVersion: "927"
  selfLink: /api/v1/namespaces/kube-system/secrets/vsphere-config-secret
  uid: a988e415-6f81-11ea-92bd-005056ad9ff5
type: Opaque

Our plugin would always retrieve the VC credential from the encoded data of csi-vsphere.conf from the secret vsphere-config-secret. As far as I know, the secret csi-vsphere-config in TKG cluster, even though the name is different, share the same YAML structure as above.

Additionally, I don't see there is any issue with not use quotes for many items. If you run into any issue, feel free to reach out to us.

[ChrisJLittle]

I found that the formatting in csi-vsphere-config does not use quotes for many items and this is expected by the vsphere plugin. Also, there is no port parameter in the csi-vsphere-config secret and needs to be added to vsphere-config-secret.

There is port param in the csi-vsphere.conf of csi-vsphere-config, as you mentioned in the issue #63.

ubuntu@cli-vm:~/velero$ cat csi-vsphere.conf
[Global]
insecure-flag = "true"
cluster-id = "default/vsan-cluster"

[VirtualCenter "vcsa-01a.corp.local"]
port = "443"                                       <========
user = "administrator@corp.local"
password = "VMware1!"
datacenters = "RegionA01"

[Network]
public-network = "DSwitch-Management"`

if there is no port specified in some of your TKG clusters, then for the v1.0.0 you are supposed to manually provide the field port = "443" in the csi-vsphere.conf of the secret.

The csi-vsphere.conf above is the one that I created to be used in vsphere-config-secret. The secret created by TKG (csi-vsphere-config) contained only the following (after decoding):

[Global]
insecure-flag = true
cluster-id = default/vsan-cluster

[VirtualCenter "vcsa-01a.corp.local"]
user = administrator@corp.local
password = VMware1!
datacenters = RegionA01

[Network]
public-network = DSwitch-Management

There are only quotes around the VirtualCenter name and no port value was present.

I can't seem to find any reference in the TKG 1.0 docs (https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/index.html) to needing to make any changes to the csi-vsphere-config secret. Would you please point me to where that is noted?

Our plugin would always retrieve the VC credential from the encoded data of csi-vsphere.conf from the secret vsphere-config-secret. As far as I know, the secret csi-vsphere-config in TKG cluster, even though the name is different, share the same YAML structure as above.

Additionally, I don't see there is any issue with not use quotes for many items. If you run into any issue, feel free to reach out to us.

As noted above, the encoded data in the csi-vsphere-config secret created via tkg init does not have quotes around most items. I first attempted to simply dump that secret to yaml and create a new one named vsphere-config-secret but it was not able to be used until I quoted all values and put the port parameter in.

[lintongj]

As noted above, the encoded data in the csi-vsphere-config secret created via tkg init does not have quotes around most items. I first attempted to simply dump that secret to yaml and create a new one named vsphere-config-secret but it was not able to be used until I quoted all values and put the port parameter in.

Thanks for the detail. I will add it to the doc. Were you able to use velero-plugin-for-vsphere in TKG cluster after making changes above?

I can't seem to find any reference in the TKG 1.0 docs (https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/index.html) to needing to make any changes to the csi-vsphere-config secret. Would you please point me to where that is noted?

I didn't mean to suggest you to make any change about the csi-vsphere-config secret. I was talking about the workaround to make velero-plugin-for-vsphere work as expected in TKG cluster. Currently, velero-plugin-for-vsphere v1.0.0 is not officially supported in TKG. We plan to support TKG in our next release(probably v1.0.1).

I don't know much about TKG. For more question about the csi-vsphere-config secret or TKG/CSI integration, you might want to look for help from vSphere CSI folks, or from the project, https://github.com/kubernetes-sigs/vsphere-csi-driver.

[ChrisJLittle]

Thanks for the detail. I will add it to the doc. Were you able to use velero-plugin-for-vsphere in TKG cluster after making changes above?

Yes, it came up fine after getting the secret into the expected format. Thanks.

[lintongj]

LGTM.