Kubernetes Backup/Restore using Velero
Requirements
Please go through the Backup and Restore Recommendations, available at https://docs.expertflow.com/x/-QKID, before implementing the solution.
Backups using Velero require at least one storage location where backups can be saved. The options listed below must be arranged before proceeding with the backup solution.
Backup Type | Deployment Requirement | Distributed | DR |
---|---|---|---|
S3 Compatible Cloud Storage | | Yes | Yes |
hostpath | | No | No |
Deploy Velero
Velero is the application used for managing all the backups and should be deployed on the cluster where the CIM solution is deployed.
For HA-based deployments, Velero should be deployed on any of the Control-Plane nodes.
Download the compatible version of velero
wget https://github.com/vmware-tanzu/velero/releases/download/v1.9.4/velero-v1.9.4-linux-amd64.tar.gz
untar + uncompress it
tar zxvf velero-v1.9.4-linux-amd64.tar.gz
and copy the velero binary to /usr/local/bin
cp velero-v1.9.4-linux-amd64/velero /usr/local/bin/
make it executable, and writable only by its owner, by running
chmod 755 /usr/local/bin/velero
S3 Compatible Storage
If the customer can provide S3-compatible storage, please use this link to configure Velero accordingly. However, if this is not possible, deploy MinIO as the S3 storage endpoint and direct all backups via Velero to the MinIO storage. MinIO can be deployed in different regions to make a complete DR fault-tolerant backup/restore solution.
Kubernetes based deployment
If MinIO is to be deployed on a Kubernetes cluster, use the following helm commands to deploy it.
add the helm repo
helm repo add bitnami https://charts.bitnami.com/bitnami
update the repo
helm repo update
deploy the default backup location
helm install minio-default \
--namespace velero \
--create-namespace \
--set resources.requests.memory=1Gi \
--set persistence.size=32Gi \
--set auth.rootUser=minio \
--set auth.rootPassword=minio123 \
--set service.type=NodePort \
--set service.nodePorts.api=30100 \
--set service.nodePorts.console=30200 \
--set provisioning.enabled=true \
--set 'provisioning.buckets[0].name=velero' \
--set 'provisioning.buckets[0].policy=public' \
--set 'provisioning.buckets[0].purge=true' \
bitnami/minio
If more than one location is needed, you can install multiple instances of MinIO in different locations (optional).
helm install minio-primary \
--namespace velero \
--create-namespace \
--set resources.requests.memory=1Gi \
--set persistence.size=32Gi \
--set auth.rootUser=minio \
--set auth.rootPassword=minio123 \
--set service.type=NodePort \
--set service.nodePorts.api=30101 \
--set service.nodePorts.console=30201 \
--set provisioning.enabled=true \
--set 'provisioning.buckets[0].name=velero' \
--set 'provisioning.buckets[0].policy=public' \
--set 'provisioning.buckets[0].purge=true' \
bitnami/minio
helm install minio-secondary \
--namespace velero \
--create-namespace \
--set resources.requests.memory=1Gi \
--set persistence.size=32Gi \
--set auth.rootUser=minio \
--set auth.rootPassword=minio123 \
--set service.type=NodePort \
--set service.nodePorts.api=30102 \
--set service.nodePorts.console=30202 \
--set provisioning.enabled=true \
--set 'provisioning.buckets[0].name=velero' \
--set 'provisioning.buckets[0].policy=public' \
--set 'provisioning.buckets[0].purge=true' \
bitnami/minio
Host-Path as Backup Destination
This section describes how to use a host path on the node as the backup location. It expects that you have completed the Velero deployment in step 1. Please follow these steps.
Hostpath-based backups should be considered only for single-node deployments.
Create a fake Velero entry so that we can add the local-path plugin and initialize it
velero install --use-restic --use-volume-snapshots=false --namespace velero --plugins velero/velero-plugin-for-aws:v1.2.0 --no-default-backup-location --no-secret
Install the velero host-path plugin
velero plugin add replicated/local-volume-provider:v0.3.3
confirm the host-path plugin is deployed successfully by running
velero plugin get
Sample output will look like
# velero plugin get
NAME KIND
velero.io/crd-remap-version BackupItemAction
velero.io/pod BackupItemAction
velero.io/pv BackupItemAction
velero.io/service-account BackupItemAction
replicated.com/hostpath ObjectStore
replicated.com/nfs ObjectStore
replicated.com/pvc ObjectStore
velero.io/aws ObjectStore
velero.io/add-pv-from-pvc RestoreItemAction
velero.io/add-pvc-from-pod RestoreItemAction
velero.io/admission-webhook-configuration RestoreItemAction
velero.io/apiservice RestoreItemAction
velero.io/change-pvc-node-selector RestoreItemAction
velero.io/change-storage-class RestoreItemAction
velero.io/cluster-role-bindings RestoreItemAction
velero.io/crd-preserve-fields RestoreItemAction
velero.io/init-restore-hook RestoreItemAction
velero.io/job RestoreItemAction
velero.io/pod RestoreItemAction
velero.io/restic RestoreItemAction
velero.io/role-bindings RestoreItemAction
velero.io/service RestoreItemAction
velero.io/service-account RestoreItemAction
velero.io/aws VolumeSnapshotter
Once the plugin is fully deployed (it may take a while to deploy the plugin), create the destination directory on the host using
mkdir /var/my-host-path-to-snaps
and change its permission to 777 so that anyone can write to it.
chmod 777 /var/my-host-path-to-snaps
Add the backup location in velero
velero backup-location create default --default --bucket my-hostpath-snaps --provider replicated.com/hostpath --config path=/var/my-host-path-to-snaps,resticRepoPrefix=/var/velero-local-volume-provider/my-hostpath-snaps/restic
make sure the backup location is added and made available by looking through the logs
kubectl logs deployment/velero -n velero
get the backup locations where backups will be saved
velero backup-location get
Commission the backup Destination
Create Credentials for Backup
cat <<EOF > credentials-velero
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
EOF
run the velero install to configure the backup destination
velero install \
--secret-file=./credentials-velero \
--provider=aws \
--bucket=velero \
--backup-location-config region=minio-default,s3ForcePathStyle=true,s3Url=http://minio-default.velero.svc.cluster.local:9000,publicUrl=http://localhost:30100 \
--plugins=velero/velero-plugin-for-aws:v1.4.0 \
--use-volume-snapshots=true \
--use-restic=true \
--snapshot-location-config region=minio-default \
--wait
and wait for the confirmation message from above command to finish the deployment on your production cluster.
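The commands above use the fixed password minio123 and write credentials-velero with the default umask. As an added example (not part of the original page or of Velero; the function names are illustrative), the script below generates a random secret, writes the same profile format with owner-only permissions, and checks the result. It assumes the generated value is also passed to the MinIO chart as auth.rootPassword in place of minio123, so that both sides match.

```shell
#!/usr/bin/env bash
# Added example, not from the original page; function names are illustrative.

# gen_secret NBYTES: print NBYTES from /dev/urandom as 2*NBYTES hex characters.
gen_secret() {
  head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# write_velero_credentials FILE ACCESS_KEY SECRET_KEY
# Writes the [default] profile that `velero install --secret-file` reads,
# with permissions for the owner only.
write_velero_credentials() {
  local file=$1 access_key=$2 secret_key=$3
  rm -f -- "$file"            # an older copy would keep its wider permissions
  (
    umask 077                 # the new file is created as 0600
    printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
      "$access_key" "$secret_key" > "$file"
  )
}

# others_can_access PATH: succeeds if group or other holds any permission bit.
others_can_access() {
  local bits
  bits=$(ls -ld -- "$1" | cut -c5-10)   # group and other triplets of the mode
  [ "$bits" != "------" ]
}

# Demo in a scratch directory with a constructed secret; no cluster is contacted.
demo_dir=$(mktemp -d)
demo_secret=$(gen_secret 24)
write_velero_credentials "$demo_dir/credentials-velero" minio "$demo_secret"
if others_can_access "$demo_dir/credentials-velero"; then
  echo "credentials file is readable by other users" >&2
else
  echo "credentials file is owner-only"
fi
rm -rf -- "$demo_dir"

# On the cluster, the same value goes to both sides (flags as used on the page):
#   helm install minio-default ... --set auth.rootPassword="$secret" ... bitnami/minio
#   write_velero_credentials ./credentials-velero minio "$secret"
#   velero install --secret-file=./credentials-velero ...
```

Once `velero install` has stored the file as a cluster secret, the local copy can be deleted.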
Add Default backup location for Velero
This is where all your backups will be saved in case you don't provide any specific location.
Add other locations (optional)
minio-primary
velero backup-location create primary \
--provider aws \
--bucket velero \
--config region=minio-primary,s3ForcePathStyle=true,s3Url=http://minio-primary.velero.svc.cluster.local:9000,publicUrl=http://localhost:30101
minio-secondary
velero backup-location create secondary \
--provider aws \
--bucket velero \
--config region=minio-secondary,s3ForcePathStyle=true,s3Url=http://minio-secondary.velero.svc.cluster.local:9000,publicUrl=http://localhost:30102
List all Backup-Locations
velero get backup-locations
the output will be similar to the following
# velero get backup-locations
NAME PROVIDER BUCKET/PREFIX PHASE LAST VALIDATED ACCESS MODE DEFAULT
default aws velero Available 2023-01-03 16:52:49 +0500 PKT ReadWrite true
primary aws velero Available 2023-01-03 16:52:41 +0500 PKT ReadWrite
secondary aws velero Available 2023-01-03 16:53:09 +0500 PKT ReadWrite
The default location is the one which will be used as the target backup-location when none is specified.
Create Backup
You can create backup for
- cluster
- namespace
- deployment
- POD
- label
Cluster Level Backup
For now we can configure Velero to take a backup of the ef-external namespace. This will always go to the default backup-location.
velero backup create ef-external-backup --include-namespaces=ef-external
if you want to specify a particular location of the backup you can use
velero backup create expertflow-backup --include-namespaces=expertflow --storage-location primary
OR
velero backup create expertflow-backup --include-namespaces=expertflow --storage-location secondary
Application Level Backup
Mongo
velero backup create mongo-backup --include-resources pvc,pv --selector release=mongodb
PostgreSQL
velero backup create postgresql-backup --include-resources pvc,pv --selector release=postgresql --include-namespaces ef-external
Schedule backups
Velero backups can be scheduled by specifying a frequency, for example
velero create schedule system-critical --include-namespaces=expertflow --schedule="@every 24h"
Or
velero create schedule thrice-daily --schedule="@every 8h"
List all Backups in Velero
velero get backups
list all schedules
velero get schedules
Delete a specific scheduled backup
velero delete schedule velero-default
Delete backup
velero delete backups <BACKUP-NAME>
Status of backup
velero backup describe ex-backup
Restore
To restore from a particular backup
velero restore create --from-backup <BACKUP-NAME>
This will restore the components to the same state as when the backup was taken.