use velero to backup EKS cluster (2022)
I am starting from a freshly installed WSL2 environment, so my first step is to download my SSH key and connect to an EC2 instance where I already have awscli and kubectl installed.
chmod 600 SG-xxx.pem
ssh -i "SG-xxx.pem" ubuntu@ec2-1-2-3-4.ap-southeast-1.compute.amazonaws.com
then check and set the current context to my EKS:
k config current-context
k config use-context arn:aws:eks:ap-southeast-1:123456789:cluster/cnc-cluster
okay, to use velero, we basically need to install 2 components:
— install velero CLI
# install velero CLI
$ cd /home/ubuntu/installer/velero
$ wget https://github.com/vmware-tanzu/velero/releases/download/v1.9.2/velero-v1.9.2-linux-amd64.tar.gz
$ tar xvf velero-v1.9.2-linux-amd64.tar.gz
$ echo 'export PATH="$PATH:/home/ubuntu/installer/velero/velero-v1.9.2-linux-amd64"' >> ~/.bashrc
— create an S3 bucket as the backup destination
$ BUCKET=shichao-velero
$ REGION=ap-southeast-1
$ aws s3api create-bucket \
--bucket $BUCKET \
--region $REGION \
--create-bucket-configuration LocationConstraint=$REGION
— create an IAM user for velero operations
$ aws iam create-user --user-name velero
— create a user policy for velero to access ec2 and s3 and attach it
$ cat > velero-policy.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::${BUCKET}/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::${BUCKET}"
]
}
]
}
EOF
$ aws iam put-user-policy \
--user-name velero \
--policy-name velero \
--policy-document file://velero-policy.json
$ aws iam create-access-key --user-name velero
# put credentials in a local file
$ vim credentials-velero
[default]
aws_access_key_id=ssssssssssssss
aws_secret_access_key=kkkkkkkkkkkkkkk
— install velero server to EKS in namespace velero
$ velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.4.0 \
--bucket $BUCKET \
--backup-location-config region=$REGION \
--snapshot-location-config region=$REGION \
--secret-file ./credentials-velero
$ k get ns
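The velero-policy.json heredoc above is unquoted, so the shell expands ${BUCKET} when it writes the file; in a session where BUCKET is unset, the S3 resources become arn:aws:s3:::/* and arn:aws:s3:::. The Python check below is an added example, not part of the original post: render, as_list and lint_policy are hypothetical helper names, and the policy text is retyped from the page as constructed input. It can be run on the rendered file before aws iam put-user-policy.

```python
import json

# Constructed input: the page's velero-policy.json with ${BUCKET} left unexpanded.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:DescribeVolumes", "ec2:DescribeSnapshots", "ec2:CreateTags",
                "ec2:CreateVolume", "ec2:CreateSnapshot", "ec2:DeleteSnapshot"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject",
                "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"],
     "Resource": ["arn:aws:s3:::${BUCKET}/*"]},
    {"Effect": "Allow",
     "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::${BUCKET}"]}
  ]
}"""

def render(bucket):
    """Mimic the unquoted heredoc: an unset $BUCKET expands to an empty string."""
    return POLICY_TEMPLATE.replace("${BUCKET}", bucket)

def as_list(value):
    """IAM allows a single string or object where a list is expected; normalise."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_policy(policy_text, bucket):
    """Return findings for wildcard actions and S3 grants outside `bucket`."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for n, stmt in enumerate(as_list(json.loads(policy_text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        findings += [f"statement {n}: wildcard action {a}" for a in actions if "*" in a]
        if not any(a == "*" or a.lower().startswith("s3:") for a in actions):
            continue  # the EC2 snapshot statement is not checked here
        for res in as_list(stmt.get("Resource", [])):
            if res not in (bucket_arn, bucket_arn + "/*"):
                findings.append(f"statement {n}: {res!r} is outside {bucket_arn}")
    return findings

if __name__ == "__main__":
    for value in ("shichao-velero", ""):  # $BUCKET set, then unset
        print(repr(value), lint_policy(render(value), "shichao-velero") or "ok")
```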
how to do the backup?
$ velero backup-location get
NAME      PROVIDER   BUCKET/PREFIX    PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
default   aws        shichao-velero   Available   2022-10-09 08:25:27 +0000 UTC   ReadWrite     true
$ velero backup create backup-oct8-2022-t1
$ velero backup describe backup-oct8-2022-t1
We shall now see the backup in S3