Chery pick changes to release-1.5 (#555)

* Update script.
Signed-off-by: Liping Xue <lipingx@vmware.com>

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Add warning message in compatibility table. (#534)

* Add warning message in compatibility table.
Signed-off-by: Liping Xue <lipingx@vmware.com>

* Address comment from Xing.
Signed-off-by: Liping Xue <lipingx@vmware.com>

* Update link to vSphere documentation in supervisor-datamgr.md file (#536)

* Update vSphere doc link in supervisor-datamgr.md.
Signed-off-by: Liping Xue <lipingx@vmware.com>

* Address comment from Xing.
Signed-off-by: Liping Xue <lipingx@vmware.com>

* Update link to data manager ova. (#537)

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Fix upload retry. (#532)

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Update support matrix for Vanilla, WCP and GC. (#538)

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Update support matrix for WCP.
Signed-off-by: Liping Xue lipingx@vmware.com

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Update Snapshot and upload CRD status in doc. (#545)

Signed-off-by: Liping Xue lipingx@vmware.com

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Add document on Deploy Velero in Supervisor Cluster with Images from Private Registry. (#543)

Signed-off-by: Liping Xue lipingx@vmware.com

Signed-off-by: Liping Xue lipingx@vmware.com
Signed-off-by: Liping Xue <lipingx@vmware.com>

* Update support matrix for Vanilla. (#548)

Signed-off-by: Liping Xue <lipingx@vmware.com>

* Bump the golang.org/x/net version to v0.17.0 to address CVEs. (#552)

Signed-off-by: Xun Jiang <jxun@vmware.com>
Signed-off-by: Liping Xue <lipingx@vmware.com>

---------

Signed-off-by: Liping Xue <lipingx@vmware.com>
Signed-off-by: Liping Xue lipingx@vmware.com
Signed-off-by: Xun Jiang <jxun@vmware.com>
Co-authored-by: Xun Jiang/Bruce Jiang <59276555+blackpiglet@users.noreply.github.com>

docs/guest.md

@@ -16,6 +16,8 @@ This document discusses the velero vSphere plugin installation process in a **Ta
 
 | Velero Plugin for vSphere Version | vSphere Version    | Kubernetes Version | vSphere CSI Driver Version | Velero Version | vSphere Plugin Deprecated | vSphere Plugin EOL Date      |
 |-----------------------------------|--------------------|--------------------|----------------------------|----------------|------------|---------------|
+| 1.5.1                             | 8.0U1               | 1.24          | Bundled with TKGS          | 1.10.2          | No         | N/A           |
+| 1.5.1                             | 8.0c                | 1.24          | Bundled with TKGS          | 1.10.2          | No         | N/A           |
 | 1.4.2                             | 8.0                | 1.20-1.23          | Bundled with TKGS          | 1.9.2          | No         | N/A           |
 | 1.4.2                             | 7.0U3h             | 1.22               | Bundled with TKGS          | 1.9.2          | No         | N/A           |
 | 1.4.0                             | 7.0U1c/P02 - 7.0U3 | 1.19-1.22          | Bundled with TKGS          | 1.8.1          | No         | N/A           |

docs/supervisor-datamgr.md

@@ -6,9 +6,8 @@ In a vSphere with Tanzu environment, the Data Manager should be installed as a V
 
 This document discusses the installation procedure for backup data manager for **Velero plugin for vSphere** with kubernetes.
 
-## Changes with release 1.1.0
+## Best Practice
 
-Support of vSphere with Tanzu (Supervisor cluster and TKGS cluster) is being added with the release 1.1.0 release.
 
 - As a best practice, Data Manager VMs should be installed on the vSphere compute cluster where the workload cluster is installed.
 - Each Data Manager VM can serve upload/download tasks from a single workload cluster and the TKGS clusters in it.
@@ -18,7 +17,7 @@ Support of vSphere with Tanzu (Supervisor cluster and TKGS cluster) is being add
 
 It is recommended that the Kubernetes backup/restore traffic be separated from the vSphere management network on a workload cluster. A backup network can be configured as an NSX-T network or traditional TDS network. We can add a VMkernel NIC on each ESXi host in the cluster and set the ```vSphereBackupNFC``` on that NIC. This enables backup network traffic to be sent through that NIC. If the ```vSphereBackupNFC``` is not enabled on the VMkernel NIC, the backup traffic will be sent on the management network.
 
-More details can be found in the [vSphere documentation](https://code.vmware.com/docs/12628/virtual-disk-development-kit-programming-guide/GUID-5D166ED1-7205-4110-8D72-0C51BB63CC3D.html).
+More details can be found in the [vSphere documentation](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-networking/GUID-7BC73116-C4A6-411D-8A32-AD5B7A3D5493.html).
 
 Here are some ways to setup a Backup Network with ```vSphereBackupNFC``` tag enabled on a NSX setup.
 
@@ -36,7 +35,7 @@ If there is a free physical network adpter on each of the cluster nodes:
 
 ## Data Manager Virtual Machine install
 
-The Data Manager Virtual Machine ova can be downloaded from [here](https://vsphere-velero-datamgr.s3-us-west-1.amazonaws.com/datamgr-ob-17253392-photon-3-release-1.1.ova).
+The Data Manager Virtual Machine ova can be downloaded from [here](https://github.com/vmware-tanzu/velero-plugin-for-vsphere/releases).
 
 It is recommended to power on the Data manager VM after enabling the velero-vsphere service and installing Velero + vSphere plugin in the Supervisor cluster.
 
@@ -48,7 +47,7 @@ It is recommended to power on the Data manager VM after enabling the velero-vsph
    - guestinfo.cnsdp.vcPassword
    - guestinfo.cnsdp.vcPort
    - guestinfo.cnsdp.veleroNamespace
-   - guestinfo.cnsdp.datamgrImage (if not configured, will use the image from dockerhub vsphereveleroplugin/data-manager-for-plugin:1.1.0)
+   - guestinfo.cnsdp.datamgrImage
    - guestinfo.cnsdp.updateKubectl (default false, to avoid kubectl from wcp master on every VM restart)
 3. Power On the Data Manager VM
 

docs/supervisor-deploy-with-image-from-private-registry.md

@@ -0,0 +1,209 @@
+*   [Overview](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-Overview)
+*   [Manifest](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-Manifest)
+*   [Deploy Velero Operator](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployVeleroOperator)
+    *   [Add Velero vSphere Operator as a vSphere Service](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-AddVelerovSphereOperatorasavSphereService)
+    *   [Install Velero vSphere Operator on Supervisor Cluster(s)](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-InstallVelerovSphereOperatoronSupervisorCluster(s))
+    *   [Successful Deployment of Velero vSphere Operator](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-SuccessfulDeploymentofVelerovSphereOperator)
+*   [Deploy Velero Instance](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployVeleroInstance)
+*   [Deploy Data Manager VM](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployDataManagerVM)
+    *   [Create a Supervisor Namespace for Velero](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-CreateaSupervisorNamespaceforVelero)
+    *   [Configure Permission for Supervisor DevOps](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-ConfigurePermissionforSupervisorDevOps)
+    *   [Deploy Velero and Plugins](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-DeployVeleroandPlugins)
+        *   [Images From the Same Private Registry](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-ImagesFromtheSamePrivateRegistry)
+        *   [Images From Any Public Registry](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-ImagesFromAnyPublicRegistry)
+    *   [Successful Deployment of Velero](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-SuccessfulDeploymentofVelero)
+        *   [vSphere UI](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-vSphereUI)
+        *   [Kubectl CLI](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-KubectlCLI)
+*   [Reference](#DeployVeleroinSupervisorClusterwithImagesfromPrivateRegistry-Reference)
+
+Overview
+========
+
+In Air-gapped environment, users usually would like to deploy application from private registry which is protected by registry credential. To meet this requirement, we support deploying Velero in Supervisor Cluster with images from private registry.
+
+Manifest
+========
+
+*   Velero vSphere operator YAML: [https://vmwaresaas.jfrog.io/ui/api/v1/download?repoKey=Velero-YAML&path=Velero%252FSupervisorService%252F1.0.0%252Fvelero-supervisorservice-1.0.0.yaml](https://vmwaresaas.jfrog.io/ui/api/v1/download?repoKey=Velero-YAML&path=Velero%252FSupervisorService%252F1.0.0%252Fvelero-supervisorservice-1.0.0.yaml)
+
+Note: The following screenshots show the installation using Velero vSphere Operator 1.0.0. If you want to install using the latest Velero vSphere Operator version, refer to this [page](https://github.com/vsphere-tmm/Supervisor-Services/blob/main/README.md#velero-versions).
+
+Deploy Velero Operator
+======================
+
+Add Velero vSphere Operator as a vSphere Service
+------------------------------------------------
+
+Navigate to Workload Management Services page. Click the botton in red box below to add a new service in vSphere Services. (It can be done by corresponding DCLI command as well)
+
+![](supervisor-private-registry-add-service-1.png)
+
+
+
+Upload the Velero vSphere operator YAML mentioned in **Manifest** section above.
+
+![](supervisor-private-registry-add-service-2.png)![](supervisor-private-registry-add-service-3.png)
+
+
+
+Install Velero vSphere Operator on Supervisor Cluster(s)
+--------------------------------------------------------
+
+Select "Install on Supervisors" as below to install the newly added vSphere Service, Velero vSphere Operator, on Supervisor Cluster(s).
+
+![](supervisor-private-registry-install-velero-operator-1.png)
+
+
+
+Provide configuration parameters for install Velero vSphere Operator on Supervisor Clusters.
+
+**Note**: To deploy velero operator with images from private registry, both **registryUsername** and **registryPasswd** are required. Please make sure Velero vSphere Operator image with **Select Version** is available in the registry as specified in the **registryName** field.
+
+![](supervisor-private-registry-install-velero-operator-2.png)
+
+The above screenshot shows how add Key Value Pairs of the registry while installing Velero vSphere Operator on Supervisor Cluster as in vCenter 7. 
+
+In VC 8.0, the option will not show as Key Value Pairs as VC 7.0. Customers can provide those options by entering them in "YAML Service Config", see the following example.
+
+![](supervisor-private-registry-install-velero-operator-3.png)
+
+Successful Deployment of Velero vSphere Operator
+------------------------------------------------
+
+After Velero vSphere Operator is installed in Supervisor Cluster, we can see that a new vSphere Service instance for Velero vSphere Operator is added to Supervisor Cluster and its Service Status is in the **Configured** state.
+
+![](supervisor-private-registry-install-velero-operator-4.png)![](supervisor-private-registry-install-velero-operator-5.png)
+
+
+
+Meanwhile, we can see Velero vSphere operator is in **Running** status in its own Supervisor namespace (svc-velero-vsphere-domain-c8 in this case).
+
+![](supervisor-private-registry-install-velero-operator-6.png)
+
+That's it for deploying Velero vSphere Operator in Supervisor Cluster with image from private registry.
+
+Deploy Velero Instance
+======================
+
+Deploy Data Manager VM
+======================
+
+Please refer to [https://github.com/vmware-tanzu/velero-plugin-for-vsphere/blob/main/docs/supervisor-datamgr.md](https://github.com/vmware-tanzu/velero-plugin-for-vsphere/blob/main/docs/supervisor-datamgr.md).
+
+Create a Supervisor Namespace for Velero
+----------------------------------------
+
+![](supervisor-private-registry-deploy-data-manager-1.png)
+
+![](supervisor-private-registry-deploy-data-manager-2.png)
+
+Configure Permission for Supervisor DevOps
+------------------------------------------
+
+Supervisor DevOps will need EDIT permission to deploy Velero in the Supervisor Namespace. It is **optional** for vSphere Admin.
+
+![](supervisor-private-registry-add-permission-1.png)
+
+![](supervisor-private-registry-add-permission-2.png)
+
+Deploy Velero and Plugins
+-------------------------
+
+It is supported to deploy Velero and plugins with images in the following two cases.
+
+### Images From the Same Private Registry
+
+**Note**: To deploy Velero with images from private registry as well, it would only work for images from the same private registry whose credential has been provided while enable Velero vSphere Operator in Supervisor Cluster. Also, the **\--use-private-registry** option in the install command is required.
+
+Below is an example of velero-vsphere install command.
+
+```bash
+BUCKET=velero-v1.5.1-backups
+REGION=minio
+NAMESPACE=velero
+S3URL=http://csm-minio.eng.vmware.com
+
+VSPHERE_PLUGIN_IMAGE=harbor-stg-repo.vmware.com/velerovsphereoperator/velero-plugin-for-vsphere:v1.3.1
+AWS_PLUGIN_IMAGE=harbor-stg-repo.vmware.com/velerovsphereoperator/velero-plugin-for-aws:v1.1.0
+VELERO_IMAGE=harbor-stg-repo.vmware.com/velerovsphereoperator/velero:v1.5.1
+
+# install velero in air-gapped environment
+velero-vsphere install \
+    --namespace $NAMESPACE \
+    --image $VELERO_IMAGE \
+    --provider aws \
+    --plugins $AWS_PLUGIN_IMAGE,$VSPHERE_PLUGIN_IMAGE \
+    --bucket $BUCKET \
+    --secret-file ~/.minio/credentials \
+    --snapshot-location-config region=$REGION \
+    --backup-location-config region=$REGION,s3ForcePathStyle="true",s3Url=$S3URL \
+    --use-private-registry                          # <====== Key Option to deploy Velero with images from private registry
+```
+
+
+
+Instead, the following two cases would end up with **ImagePullBackOff** error below.
+
+*   Deploying velero with images from a different private registry.
+*   Deploying velero with images from the same private registry, but without using the **\--use-private-registry** option in the install command above.
+
+```bash
+0s          Warning   Failed                           pod/backup-driver-5c585967c9-dbm76                                          Failed to pull image "harbor-stg-repo.vmware.com/velerovsphereoperator/backup-driver:v1.3.1": rpc error: code = Unknown desc = failed to pull and unpack image "harbor-stg-repo.vmware.com/velerovsphereoperator/backup-driver:v1.3.1": failed to resolve reference "harbor-stg-repo.vmware.com/velerovsphereoperator/backup-driver:v1.3.1": unexpected status code [manifests v1.3.1]: 401 Unauthorized
+```
+
+### Images From Any Public Registry
+
+Alternatively, it is also OK to deploy velero instance with images from any other public registry, even if the Velero vSphere Operator is deployed with images from a private registry.
+
+Below is an example of velero-vsphere install command.
+
+```bash
+BUCKET=velero-v1.5.1-backups
+REGION=minio
+NAMESPACE=velero
+S3URL=http://csm-minio.eng.vmware.com
+
+VSPHERE_PLUGIN_IMAGE=harbor-repo.vmware.com/velero/velero-plugin-for-vsphere:v1.3.1
+AWS_PLUGIN_IMAGE=harbor-repo.vmware.com/velero/velero-plugin-for-aws:v1.1.0
+VELERO_IMAGE=harbor-repo.vmware.com/velero/velero:v1.5.1
+
+# install velero in air-gapped environment
+velero-vsphere install \
+    --namespace $NAMESPACE \
+    --image $VELERO_IMAGE \
+    --provider aws \
+    --plugins $AWS_PLUGIN_IMAGE,$VSPHERE_PLUGIN_IMAGE \
+    --bucket $BUCKET \
+    --secret-file ~/.minio/credentials \
+    --snapshot-location-config region=$REGION \
+    --backup-location-config region=$REGION,s3ForcePathStyle="true",s3Url=$S3URL
+```
+
+
+
+Successful Deployment of Velero
+-------------------------------
+
+Below are observations from both vSphere UI and CLI when Velero and plugins are deployed on Supervisor Cluster sucessfully.
+
+### vSphere UI
+
+![](supervisor-private-registery-deploy-success.png)
+
+### Kubectl CLI
+
+```bash
+$ kubectl -n velero get all
+NAME                                READY   STATUS    RESTARTS   AGE
+pod/backup-driver-cb4d96d57-glxfz   1/1     Running   0          4m30s
+pod/velero-744cfc7ccc-gn6cn         1/1     Running   0          4m47s
+
+NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/backup-driver   1/1     1            1           4m30s
+deployment.apps/velero          1/1     1            1           4m48s
+
+NAME                                      DESIRED   CURRENT   READY   AGE
+replicaset.apps/backup-driver-cb4d96d57   1         1         1       4m30s
+replicaset.apps/velero-744cfc7ccc         1         1         1       4m48s
+```
+

docs/supervisor.md

@@ -13,8 +13,9 @@
 
 | Velero Plugin for vSphere Version | vSphere Version     | Kubernetes Version                                                | vSphere CSI Driver Version | Velero Version | Velero vSphere Operator Version | Data Manager Version | vSphere Plugin Deprecated | vSphere Plugin EOL Date      |
 |-----------------------------------|---------------------|-------------------------------------------------------------------|----------------------------|----------------|---------------------------------|---------------|------------|---------------|
+| 1.5.1                             | 8.0U1                  | Bundled with vSphere (1.24)                                 | Bundled with vSphere       | 1.10.2          | 1.4.0                           | 1.2.0        | No         | N/A           |
+| 1.5.1                             | 8.0c                  | Bundled with vSphere (1.24)                                 | Bundled with vSphere       | 1.10.2          | 1.4.0                           | 1.2.0        | No         | N/A           |
 | 1.4.2                             | 8.0                  | Bundled with vSphere (1.22-1.23)                                 | Bundled with vSphere       | 1.9.2          | 1.3.0                           | 1.2.0        | No         | N/A           |
-| 1.4.2                             | 7.0U3h               | Bundled with vSphere (1.22)                                      | Bundled with vSphere       | 1.9.2          | 1.3.0                           | 1.2.0        | No         | N/A           |
 | 1.4.0                             | 7.0U3e/f/h           | Bundled with vSphere (1.22)                                      | Bundled with vSphere       | 1.8.1          | 1.2.0                           | 1.1.0        | No         | N/A           |
 | 1.3.1                             | 7.0U1c/P02 - 7.0U3d  | Bundled with vSphere (1.16-1.19, 1.18-1.20, 1.19-1.21)           | Bundled with vSphere       | 1.5.1          | 1.1.0                           | 1.1.0        | No         | N/A           |
 | 1.3.0                             | 7.0U1c/P02 - 7.0U3d  | Bundled with vSphere (1.16-1.19, 1.18-1.20, 1.19-1.21)           | Bundled with vSphere       | 1.5.1          | 1.1.0                           | 1.1.0        | Yes        | December 2022 |

docs/vanilla.md

@@ -14,6 +14,8 @@
 
 | Velero Plugin for vSphere Version | vSphere Version        | Kubernetes Version | vSphere CSI Driver Version        | Velero Version | vSphere Plugin Deprecated | vSphere Plugin EOL Date      |
 |-----------------------------------|------------------------|--------------------|-----------------------------------|----------------|------------|---------------|
+1.5.1                             | 8.0U2                    | 1.27          | 3.0.1                             | 1.11.1          | No         | N/A           |
+ 1.5.1                             | 8.0U1                    | 1.26-1.27          | 3.0.1                             | 1.10.2, 1.11.1          | No         | N/A           |
 | 1.4.2                             | 8.0                    | 1.24-1.25          | 2.7.0                             | 1.9.2          | No         | N/A           |
 | 1.4.2                             | 7.0U3h                 | 1.24-1.25          | 2.7.0                             | 1.9.2          | No         | N/A           |
 | 1.4.1                             | 8.0                    | 1.24-1.25          | 2.7.0                             | 1.9.2          | No         | N/A           |
@@ -280,6 +282,7 @@ Snapshot CRD has a number of phases for the `.status.phase` field:
 * Canceling: the upload of snapshot is being cancelled
 * Canceled: the upload of snapshot is cancelled
 * CleanupAfterUploadFailed: the Cleanup of local snapshot after the upload of snapshot was failed
+* UploadFailedAfterRetry: the snapshot is failed to be uploaded after retries, and local snapshot is deleted
 
 #### Uploads
 
@@ -330,6 +333,7 @@ Upload CRD has a number of phases for the `.status.phase` field:
 * CleanupFailed: delete local snapshot failed after the upload, this case will also be retried
 * Canceling:  upload is being cancelled. It would happen if `velero backup delete` is called while the upload of snapshot is in progress.
 * Canceled: upload is cancelled.
+* UploadFailedAfterRetry: Upload failed after retries and local snapshot is deleted.
 
 UploadError uploads will be periodically retried.  At that point their phase will return to InProgress.  After an upload has been
 successfully completed, its record will remain for a period of time and eventually be removed.