velero/site/content/docs/main/debugging-install.md

---
title: "Debugging Installation Issues"
layout: docs
---

## General

### `invalid configuration: no configuration has been provided`
This typically means that no `kubeconfig` file can be found for the Velero client to use. Velero looks for a kubeconfig in the
following locations:
* the path specified by the `--kubeconfig` flag, if any
* the path specified by the `$KUBECONFIG` environment variable, if any
* `~/.kube/config`

### Backups or restores stuck in `New` phase
This means that the Velero controllers are not processing the backups/restores, which usually happens because the Velero server is not running. Check the pod description and logs for errors:
```
kubectl -n velero describe pods
kubectl -n velero logs deployment/velero
```


## AWS

### `NoCredentialProviders: no valid providers in chain`

#### Using credentials
This means that the secret containing the AWS IAM user credentials for Velero has not been created/mounted properly
into the Velero server pod. Ensure the following:

* The `cloud-credentials` secret exists in the Velero server's namespace
* The `cloud-credentials` secret has a single key, `cloud`, whose value is the contents of the `credentials-velero` file
* The `credentials-velero` file is formatted properly and has the correct values:

    ```
    [default]
    aws_access_key_id=<your AWS access key ID>
    aws_secret_access_key=<your AWS secret access key>
    ```

* The `cloud-credentials` secret is defined as a volume for the Velero deployment
* The `cloud-credentials` secret is being mounted into the Velero server pod at `/credentials`

#### Using kube2iam
This means that Velero can't read the content of the S3 bucket. Ensure the following:

* A Trust Policy document exists that allows the role used by kube2iam to assume Velero's role, as stated in the AWS config documentation.
* The new Velero role has all the permissions listed in the documentation regarding S3.


## Azure

### `Failed to refresh the Token` or `adal: Refresh request failed`
This means that the secrets containing the Azure service principal credentials for Velero has not been created/mounted
properly into the Velero server pod. Ensure the following:

* The `cloud-credentials` secret exists in the Velero server's namespace
* The `cloud-credentials` secret has all of the expected keys and each one has the correct value (see [setup instructions][0])
* The `cloud-credentials` secret is defined as a volume for the Velero deployment
* The `cloud-credentials` secret is being mounted into the Velero server pod at `/credentials`


## GCE/GKE

### `open credentials/cloud: no such file or directory`
This means that the secret containing the GCE service account credentials for Velero has not been created/mounted properly
into the Velero server pod. Ensure the following:

* The `cloud-credentials` secret exists in the Velero server's namespace
* The `cloud-credentials` secret has a single key, `cloud`, whose value is the contents of the `credentials-velero` file
* The `cloud-credentials` secret is defined as a volume for the Velero deployment
* The `cloud-credentials` secret is being mounted into the Velero server pod at `/credentials`

[0]: azure-config.md#create-service-principal
Hugo migration (#2720) * Move files to a Hugo structure Signed-off-by: Tony Batard <tbatard@pivotal.io> 2020-08-13 16:09:15 +00:00			`---`
			`title: "Debugging Installation Issues"`
			`layout: docs`
			`---`
generate v1.1.0-beta.1 docs Signed-off-by: Steve Kriss <krisss@vmware.com> 2019-08-05 21:03:07 +00:00
			`## General`

			### `invalid configuration: no configuration has been provided`
			This typically means that no `kubeconfig` file can be found for the Velero client to use. Velero looks for a kubeconfig in the
			`following locations:`
			* the path specified by the `--kubeconfig` flag, if any
			* the path specified by the `$KUBECONFIG` environment variable, if any
			* `~/.kube/config`

			### Backups or restores stuck in `New` phase
			`This means that the Velero controllers are not processing the backups/restores, which usually happens because the Velero server is not running. Check the pod description and logs for errors:`
			```
			`kubectl -n velero describe pods`
			`kubectl -n velero logs deployment/velero`
			```


			`## AWS`

			### `NoCredentialProviders: no valid providers in chain`

			`#### Using credentials`
			`This means that the secret containing the AWS IAM user credentials for Velero has not been created/mounted properly`
			`into the Velero server pod. Ensure the following:`

			* The `cloud-credentials` secret exists in the Velero server's namespace
			* The `cloud-credentials` secret has a single key, `cloud`, whose value is the contents of the `credentials-velero` file
			* The `credentials-velero` file is formatted properly and has the correct values:

			```
			`[default]`
			`aws_access_key_id=<your AWS access key ID>`
			`aws_secret_access_key=<your AWS secret access key>`
			```

			* The `cloud-credentials` secret is defined as a volume for the Velero deployment
			* The `cloud-credentials` secret is being mounted into the Velero server pod at `/credentials`

			`#### Using kube2iam`
			`This means that Velero can't read the content of the S3 bucket. Ensure the following:`

update docs to match style guide (#2861) * update docs to match style guide Signed-off-by: Abigail McCarthy <mabigail@vmware.com> * update web site guide Signed-off-by: Abigail McCarthy <mabigail@vmware.com> 2020-08-25 17:02:21 +00:00			`* A Trust Policy document exists that allows the role used by kube2iam to assume Velero's role, as stated in the AWS config documentation.`
generate v1.1.0-beta.1 docs Signed-off-by: Steve Kriss <krisss@vmware.com> 2019-08-05 21:03:07 +00:00			`* The new Velero role has all the permissions listed in the documentation regarding S3.`


			`## Azure`

			### `Failed to refresh the Token` or `adal: Refresh request failed`
			`This means that the secrets containing the Azure service principal credentials for Velero has not been created/mounted`
			`properly into the Velero server pod. Ensure the following:`

			* The `cloud-credentials` secret exists in the Velero server's namespace
fix links to azure setup instructions (#1963) Signed-off-by: Steve Kriss <krisss@vmware.com> 2019-10-15 20:46:36 +00:00			* The `cloud-credentials` secret has all of the expected keys and each one has the correct value (see [setup instructions][0])
generate v1.1.0-beta.1 docs Signed-off-by: Steve Kriss <krisss@vmware.com> 2019-08-05 21:03:07 +00:00			* The `cloud-credentials` secret is defined as a volume for the Velero deployment
			* The `cloud-credentials` secret is being mounted into the Velero server pod at `/credentials`


			`## GCE/GKE`

			### `open credentials/cloud: no such file or directory`
			`This means that the secret containing the GCE service account credentials for Velero has not been created/mounted properly`
			`into the Velero server pod. Ensure the following:`

			* The `cloud-credentials` secret exists in the Velero server's namespace
			* The `cloud-credentials` secret has a single key, `cloud`, whose value is the contents of the `credentials-velero` file
			* The `cloud-credentials` secret is defined as a volume for the Velero deployment
			* The `cloud-credentials` secret is being mounted into the Velero server pod at `/credentials`

fix links to azure setup instructions (#1963) Signed-off-by: Steve Kriss <krisss@vmware.com> 2019-10-15 20:46:36 +00:00			`[0]: azure-config.md#create-service-principal`