Install Velero with HELM in GCP

ctit_
Feb 25 · 2 min read

The backup for Kubernetes.

Velero is an open source tool to safely back up and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.

Official site: https://velero.io/

Official repo: https://github.com/vmware-tanzu/velero

Some of the use cases for Velero are:

  • Someone accidentally deleted a namespace
  • Kubernetes API upgrade failed and you need to revert back
  • Network went down.
  • Cluster goes into an unrecoverable state
  • Latest application push introduced a critical bug that wiped a persistent volume and you lost the data.
  • Rare case of a natural disaster making your cluster inaccessible.

One of Velero's features is that backups can be stored in an S3 or GCP bucket, so we keep a history of the backups in the cloud provider that we choose.

In this case, we will use Helm to deploy Velero, saving the backups in a GCP bucket and generating the service account through the gcloud command line.

Prerequisites:

  • Kubernetes > 1.10
  • Velero CLI (Install)
  • Helm 2

Velero Installation

1.- Create the IAM service account for GCP

export PROJECT_ID=$(gcloud config get-value project)
echo $PROJECT_ID
gcloud iam service-accounts create velero --display-name "Velero service account"
export SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list --filter="displayName:Velero service account" --format 'value(email)')
echo $SERVICE_ACCOUNT_EMAIL

2.- Create the bucket for the Velero backups.

export BUCKET="bkp-velero"
gsutil mb gs://$BUCKET/

3.- Create the role and map permissions on the bucket.

* You must have permission to create Roles in GCP

gcloud iam roles create veleros.server --project $PROJECT_ID --title "Velero Server" --permissions compute.disks.get,compute.disks.create,compute.disks.createSnapshot,compute.snapshots.get,compute.snapshots.create,compute.snapshots.useReadOnly,compute.snapshots.delete
gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}

4.- Create the key file for the secret in K8S.

gcloud iam service-accounts keys create credentials-velero --iam-account $SERVICE_ACCOUNT_EMAIL

5.- Create the secret in the velero namespace in K8S.

kubectl create ns velero
kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=credentials-velero

6.- Set the secret and the bucket created above in values.yaml.

helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-charts
helm inspect values vmware-tanzu/velero > values.yaml

provider: gcp
backupStorageLocation:
  name: gcp
  bucket: bkp-velero
credentials:
  useSecret: true
  existingSecret: cloud-credentials

7.- Install Velero through Helm.

helm install vmware-tanzu/velero --name velero --namespace velero -f values.yaml --version 2.8.7 --set imageTag=1.2.0
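
Steps 4 and 5 write a long-lived service-account key to disk and load it into the cluster. As an added example (not from the original post), this shell check confirms that the key file is accessible only by its owner and belongs to the intended service account before it is loaded; the helper names and the sample email are assumptions.

```bash
#!/bin/sh
# Added example: check the key file from step 4 before step 5 loads it into
# the cloud-credentials secret. check_sa_key and make_sample_key are
# hypothetical helper names, not part of gcloud, kubectl or Velero.

# check_sa_key <key-file> <expected-service-account-email>
# Returns 0 when the file is fit to load, otherwise:
#   1 = missing or empty            2 = accessible by group or others
#   3 = not a service-account key   4 = key of a different service account
check_sa_key() {
  key_file=$1
  expected_email=$2
  [ -s "$key_file" ] || return 1

  # Characters 5-10 of the `ls -l` mode string are the group/other bits.
  key_mode=$(ls -ld "$key_file" | cut -c5-10)
  [ "$key_mode" = "------" ] || return 2

  # Key files written by gcloud are JSON carrying "type": "service_account".
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file" || return 3

  # The key must belong to the account created in step 1.
  key_email=$(sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$key_file" | head -n 1)
  [ "$key_email" = "$expected_email" ] || return 4
  return 0
}

# Writes a constructed stand-in for credentials-velero (no real key material).
make_sample_key() {
  ( umask 077
    printf '{\n  "type": "service_account",\n  "private_key": "CONSTRUCTED",\n  "client_email": "%s"\n}\n' "$2" > "$1" )
}

# Demo on constructed data; the project name is an assumption.
demo() {
  sa="velero@example-project.iam.gserviceaccount.com"
  dir=$(mktemp -d) || return 1
  make_sample_key "$dir/credentials-velero" "$sa"
  rc=0; check_sa_key "$dir/credentials-velero" "$sa" || rc=$?
  echo "owner-only key file: $rc"
  chmod 644 "$dir/credentials-velero"
  rc=0; check_sa_key "$dir/credentials-velero" "$sa" || rc=$?
  echo "world-readable key file: $rc"
  rm -rf "$dir"
}
demo
```

Once the secret exists in the velero namespace, the local credentials-velero file is no longer needed by Velero and can be deleted from the workstation.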

Backup Creation

1.- Schedule a backup

velero create schedule cert-manager --schedule="@every 24h" --include-namespaces kube-system

2.- List backup schedules

velero get schedules

3.- List the backups performed

velero get backups
