Velero: Kubernetes Backup and Restore Solution for Azure AKS

Mehmet kanus
Published in Hedgus, Jun 2, 2024

Kubernetes is a powerful platform for managing and deploying applications. However, managing Kubernetes environments requires a robust solution for data protection and backups. This is where Velero comes into play. In this article, we will explore what Velero is, its purpose, and how it can be used.

What is Velero?

Velero (formerly known as Heptio Ark) is an open-source backup, restore, and disaster recovery solution for Kubernetes environments. Velero allows you to back up your Kubernetes cluster resources and persistent volumes, restore them to a specific point in time, and migrate cluster resources across different environments. You can run Velero with a cloud provider or on-premises. Velero lets you:

  • Take backups of your cluster and restore in case of loss.
  • Migrate cluster resources to other clusters.
  • Replicate your production cluster to development and testing clusters.

Velero consists of:

  • A server that runs on your cluster
  • A command-line client that runs locally

How to Use Velero?

Before using Velero, I will show you how to install the Velero CLI tool on your local machine, from where you will manage Kubernetes. After that, depending on your preference, I will demonstrate how to take a backup of your cluster and restore it to another Kubernetes cluster. This can be done either in a cloud environment (AWS EKS, Azure AKS, or GKE) or on a cluster set up with kubeadm.

Back up, restore workload clusters using Velero

In my next article, I will demonstrate this on AWS EKS and GKE. However, for now, I will show you by setting up two Kubernetes clusters on Azure.

Step-1: First, I created an Azure AKS (Azure Kubernetes Service) on Azure and deployed a sample application into it for demonstration purposes. Next, I will install Velero onto this Azure AKS and take its backup.

Step-2: Install the Velero CLI tool.

curl -LO https://github.com/vmware-tanzu/velero/releases/download/v1.13.2/velero-v1.13.2-linux-amd64.tar.gz
tar zxvf velero-v1.13.2-linux-amd64.tar.gz
sudo mv velero-v1.13.2-linux-amd64/velero /usr/local/bin/velero

Step-3: Install Velero with Azure Blob Storage

# Validate the subscription ID
export AZURE_SUBSCRIPTION_NAME="Microsoft Azure Sponsorship"
export AZURE_SUBSCRIPTION_ID=$(az account list --query="[?name=='$AZURE_SUBSCRIPTION_NAME'].id | [0]" -o tsv)
az account set -s $AZURE_SUBSCRIPTION_ID

# Create resource group
export AZURE_BACKUP_RESOURCE_GROUP=Velero_Backup
export LOCATION=eastus2
az group create -n $AZURE_BACKUP_RESOURCE_GROUP --location $LOCATION

# Create the storage account
export AZURE_STORAGE_ACCOUNT_ID="veleromkanus"
az storage account create \
--name $AZURE_STORAGE_ACCOUNT_ID \
--resource-group $AZURE_BACKUP_RESOURCE_GROUP \
--sku Standard_GRS \
--encryption-services blob \
--https-only true \
--min-tls-version TLS1_2 \
--kind BlobStorage \
--access-tier Hot

# Create a blob container
export BLOB_CONTAINER="veleromkanus"
az storage container create -n $BLOB_CONTAINER --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID

# Set AZURE_RESOURCE_GROUP to the AKS node resource group (its name starts with MC_)
# WARNING: If you're using AKS, AZURE_RESOURCE_GROUP must be set to the name of the auto-generated resource group that is created when you provision your cluster in Azure, since this is the resource group that contains your cluster's virtual machines/disks.
export AZURE_RESOURCE_GROUP=MC_rg-AKS1_AKS1_eastus2

# Create a service principal that has Contributor privileges and capture its client secret,
# which is returned only at creation time. The credentials file below needs both
# AZURE_TENANT_ID and AZURE_CLIENT_SECRET to be set.
# Contributor at subscription scope gives this credential subscription-wide access, so protect it.
export SP_NAME=veleromkanus
export AZURE_TENANT_ID=$(az account show --query tenantId -o tsv)
export AZURE_CLIENT_SECRET=$(az ad sp create-for-rbac --name $SP_NAME --role contributor \
--scopes /subscriptions/$AZURE_SUBSCRIPTION_ID \
--query password -o tsv)

# After creating the service principal, obtain the client id.
# NOTE: Ensure that value for --name does not conflict with other service principals/app registrations.
export AZURE_CLIENT_ID=$(az ad sp list --display-name "$SP_NAME" --query '[0].appId' -o tsv)

# (Optional) Assign additional permissions to the service principal (For useAAD=true with built-in role)
az role assignment create --assignee $AZURE_CLIENT_ID --role "Storage Blob Data Contributor" --scope /subscriptions/$AZURE_SUBSCRIPTION_ID

# Create a file that contains the variables the Velero installation requires. The command looks similar to the following one
# Important: Delete this file after you install Velero. The client secret is in plaintext, which can pose a security risk.
cat << EOF > ./credentials-velero.txt
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF

# Install Velero on the cluster, and start the deployment.
# This procedure creates a namespace called velero and adds a deployment named velero to the namespace.
# Install Velero using the following command.
# You'll need to customize the example command.
velero install --provider azure \
--plugins velero/velero-plugin-for-microsoft-azure:v1.5.0 \
--bucket $BLOB_CONTAINER \
--secret-file ./credentials-velero.txt \
--backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_SUBSCRIPTION_ID \
--use-node-agent \
--uploader-type restic
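
A check worth running before velero install, since the credentials file holds the client secret in plaintext and any variable left unset in the shell is written as an empty value. This is an added example, not part of the original article; write_velero_creds and check_velero_creds are hypothetical helper names.

```bash
# Added example; write_velero_creds and check_velero_creds are hypothetical helper names.
REQUIRED_KEYS="AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP AZURE_CLOUD_NAME"

# Write the credentials file with owner-only permissions from the first byte
# (umask is set in a subshell so the caller's umask is untouched).
write_velero_creds() {
  (
    umask 077
    cat > "$1" << EOF
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID:-}
AZURE_TENANT_ID=${AZURE_TENANT_ID:-}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID:-}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET:-}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP:-}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
  )
}

# Return 0 only when every required key has a non-empty value and the file
# is not readable, writable or executable by group or others.
check_velero_creds() {
  file=$1
  rc=0
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  for key in $REQUIRED_KEYS; do
    value=$(sed -n "s/^${key}=//p" "$file" | tr -d '"' | head -n 1)
    if [ -z "$value" ]; then
      echo "empty or missing: $key" >&2
      rc=1
    fi
  done
  case $(ls -ld "$file") in
    ????------*) ;;   # mode string shows no group/other bits
    *) echo "permissions too open: $file" >&2; rc=1 ;;
  esac
  return $rc
}

# Usage:
#   write_velero_creds ./credentials-velero.txt
#   check_velero_creds ./credentials-velero.txt && velero install ... --secret-file ./credentials-velero.txt
#   rm -f ./credentials-velero.txt
```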

Step-4: Verify the installation. Check the output of each command and the Velero logs for error messages, and run kubectl get all -n velero to confirm that the Velero components have been deployed successfully and are running as expected on your Azure AKS cluster.

So far, we have created an AKS1 Kubernetes cluster on Azure, deployed a sample application with PV and PVC, and finally installed Velero to take a backup of this cluster.

Step-5: At this stage, assuming that some namespaces of the AKS1 Kubernetes cluster have been deleted or the entire cluster has crashed for any reason, we will see how to restore the backup of the AKS1 Kubernetes cluster to a newly created AKS2 Kubernetes cluster.

  • For this, we will create another Azure AKS named AKS2 on Azure.
  • As seen, Velero is not yet installed on the AKS2 Kubernetes cluster.

Step-6: Now, we will install Velero on the AKS2 Kubernetes cluster using the following steps.

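# Save Velero credentials to a local file.
# Reuse the service principal values exported in Step-3, and set
# TARGET_AKS_INFRASTRUCTURE_RESOURCE_GROUP to the auto-generated (MC_...) resource group of AKS2.
# Important: Delete this file after you install Velero. The client secret is in plaintext.
cat << EOF > ./credentials-velero.txt
AZURE_SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
AZURE_TENANT_ID="${AZURE_TENANT_ID}"
AZURE_CLIENT_ID="${AZURE_CLIENT_ID}"
AZURE_CLIENT_SECRET="${AZURE_CLIENT_SECRET}"
AZURE_RESOURCE_GROUP="${TARGET_AKS_INFRASTRUCTURE_RESOURCE_GROUP}"
AZURE_CLOUD_NAME=AzurePublicCloud
EOF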

# Install Velero on the cluster, and start the deployment.
# This procedure creates a namespace called velero and adds a deployment named velero to the namespace.
# Install Velero using the following command.
# You'll need to customize the example command.
velero install --provider azure \
--plugins velero/velero-plugin-for-microsoft-azure:v1.5.0 \
--bucket $BLOB_CONTAINER \
--secret-file ./credentials-velero.txt \
--backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_SUBSCRIPTION_ID \
--use-node-agent \
--uploader-type restic

The last step: Now, let’s restore the backup from AKS1 to AKS2.
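
One way to run the backup on AKS1 and the restore on AKS2 with the Velero CLI, as an added example that is not part of the original article. The backup name and namespace are hypothetical, and the backup storage location is assumed to have the name default that velero install creates.

```bash
# Added example; the BACKUP_NAME and APP_NAMESPACE values are hypothetical.
BACKUP_NAME=${BACKUP_NAME:-aks1-demo-backup}
APP_NAMESPACE=${APP_NAMESPACE:-demo}

# With DRY_RUN=1 print each command instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Run with the kubectl context set to AKS1.
backup_on_source() {
  run velero backup create "$BACKUP_NAME" --include-namespaces "$APP_NAMESPACE" --wait || return 1
  # Inspect the result; do not rely on the backup until its phase is Completed.
  run velero backup describe "$BACKUP_NAME" --details
}

# Run with the kubectl context set to AKS2.
restore_on_target() {
  # Both clusters point at the same blob container: make the location
  # read-only on the restore side so AKS2 cannot modify or delete
  # AKS1's backup objects while the restore runs.
  run kubectl patch backupstoragelocation default -n velero \
    --type merge --patch '{"spec":{"accessMode":"ReadOnly"}}' || return 1
  # The backup must be visible on AKS2 before it can be restored.
  run velero backup get "$BACKUP_NAME" || return 1
  run velero restore create --from-backup "$BACKUP_NAME" --wait || return 1
  run velero restore get
}

# Usage: DRY_RUN=1 restore_on_target   # review the commands first
```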

“In conclusion, Velero provides a robust solution for backing up and restoring Kubernetes clusters, ensuring data integrity and business continuity in case of unexpected failures or migrations.”
