Velero

Velero is a tool for backing up, restoring, and migrating data in Kubernetes. It allows you to create backups, restore cluster states, and perform migrations between clusters.

To use Velero, you need to install the Velero CLI on your local machine and configure it in your Kubernetes cluster.

Prerequisites

Copy link

Before starting the installation, ensure you have:

• Access to your Kubernetes cluster configured via kubectl.
• An S3 bucket for storing backups. 

Create a separate namespace for Velero:

kubectl create namespace velero

Creating an S3 Secret

Copy link

To configure Velero's access to the S3 bucket, create a secret. Create a manifest file named velero-credentials-secret.yaml with the following content:

apiVersion: v1
kind: Secret
metadata:
  name: cloud-credentials
  namespace: velero
type: Opaque
stringData:
  cloud: |
    [default]
    aws_access_key_id=S3_Access_Key
    aws_secret_access_key=S3_Secret_Access_Key

Replace S3_Access_Key and S3_Secret_Access_Key with your S3 access credentials.

Apply the manifest:

kubectl apply -f velero-credentials-secret.yaml

Verify the secret creation:

kubectl describe secrets cloud-credentials -n velero

The Data.cloud value should not be empty.

Installing Velero CLI

Copy link

Linux

Copy link

Download the latest Velero release archive from the official GitHub releases page:

wget https://github.com/vmware-tanzu/velero/releases/download/v1.15.2/velero-v1.15.2-linux-amd64.tar.gz

Extract the archive:

tar -xvzf velero-v1.15.2-linux-amd64.tar.gz

Move the Velero binary to the /usr/local/bin directory:

sudo mv ./velero-v1.15.2-linux-amd64/velero /usr/local/bin/

macOS

Copy link

To install Velero on macOS, run:

brew install velero

Windows

Copy link

To install Velero on Windows using Chocolatey, run:

choco install velero

Verify Installation

Copy link

Check the installed version:

velero version

Installing Velero in the Cluster

Copy link

Create a values.yaml file with the minimum required configuration:

namespace:
  name: velero
  labels: {}

credentials:
  existingSecret: cloud-credentials

configuration:
  backupStorageLocation:
    - name: default
      provider: aws
      bucket: bucket_name
      default: true
      config:
        region: us-2
        s3ForcePathStyle: true
        s3Url: https://s3.hmstorage.net

  volumeSnapshotLocation:
    - name: default
      provider: aws
      config:
        region: us-2
initContainers:
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.7.0
    volumeMounts:
      - mountPath: /target
        name: plugins

Parameter descriptions:

• backupStorageLocation: Configures the backup storage.
• bucket: The S3 bucket name.
• s3Url: The Hostman S3 storage URL.
• initContainers: Adds the required plugin for S3 integration.
• credentials.existingSecret: Refers to the previously created cloud-credentials secret containing the S3 access keys.

Via Control Panel

Copy link

1. Go to the Kubernetes section and click on the cluster.
2. Navigate to the Addons tab and select Velero.
3. Enable Advanced setup and upload the values.yaml file by clicking Upload configuration from file.
4. Click Install.

Wait for the installation to complete and check the pod status:

kubectl get pods -n velero

Via Helm

Copy link

You can install Velero using Helm.

1. Add the Velero repository:

helm repo add velero https://vmware-tanzu.github.io/helm-charts
helm repo update

2. Install Velero using the configuration file:

helm install velero velero/velero -f values.yaml --namespace velero

3. Verify the installation:

kubectl get pods -n velero

The status of Velero pods should be Running.

Usage

Copy link

To demonstrate how Velero works, we will create a test deployment with Nginx and show the process of creating a backup, deleting resources, and then restoring the data.

Creating a Backup

Copy link

Create a deployment with Nginx in a separate namespace:

kubectl create namespace nginx-test
kubectl create deployment nginx --image=nginx -n nginx-test

Create a backup:

velero backup create nginx-backup --include-namespaces nginx-test

We specified the --include-namespaces parameter to back up the entire namespace. You can also specify other parameters when creating a backup:

• --include-resources: Includes specific resources (e.g., pods, services).
• --exclude-resources: Excludes specific resources.
• --ttl: Sets the backup retention time (e.g., 10h15m0s).

Check the backup status:

velero backup describe nginx-backup

Restoring Data

Copy link

Delete the test namespace:

kubectl delete namespace nginx-test

Restore resources from the backup:

velero restore create --from-backup nginx-backup

Ensure that the namespace and deployment have been restored:

kubectl get all -n nginx-test

Managing Backup Schedules and Statuses

Copy link

In addition to creating backups manually, Velero allows you to automate backup creation on a schedule. You can also manage existing backups.

Configuring Automatic Backups

Copy link

You can configure a schedule for regular backups. For example, to back up all namespaces every day at midnight:

velero schedule create task_name --schedule "0 0 * * *" --include-namespaces '*'

• --schedule "0 0 * * *": Cron format schedule (every day at 00:00).
• --include-namespaces '*': Includes all namespaces.

To create backups for a single namespace every hour:

velero schedule create task_name --schedule "0 * * * *" --include-namespaces my-namespace

Check the backup schedule with:

velero schedule get

If a scheduled task is no longer needed, delete it with:

velero schedule delete task_name

Viewing and Managing Backups

Copy link

List all existing backups:

velero backup get

To delete an old backup, use:

velero backup delete backup_name

To check backup details, including its status and resources:

velero backup describe backup_name --details

These features provide flexible backup management and allow data restoration whenever needed.