Know How to Use Velero to Backup and Migrate Kubernetes Resources and Persistent Volumes

Published in

Opstree

5 min readApr 5, 2022

“Murphy’s law doesn’t mean that something bad will happen. It means that whatever can happen, will happen.” This is something related to destiny but we should not totally rely upon it and should be prepared for the worst.
The same philosophy referenced above applies to the tech world too. That’s the reason we should be prepared with our backup options choices possibly, a data set or Kubernetes cluster.

Kubernetes backup solutions bring down the risk and empower faster recovery time while providing key benefits like: disaster recovery and backup & restore. Now we have to explore some simple and convenient options to take Kubernetes backup. While working on a similar project I came to know about Velero which can fulfil our needs to take Kubernetes backup and restore and it is easy to use.

Velero is an open-source tool for securely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and moving resources and persistent volumes to another Kubernetes cluster.

Velero lets you:

Take backups of our cluster and restore in case of loss.
Migrate cluster resources to other clusters.
Replicate our production cluster with development and testing clusters.

Agenda Of this blog:

To set up Velero on AlibabaCloud:
Download the official release of velero
Create our OSS bucket
Create a RAM user and secrets file for Velero
Install the velero and velero-plugin for alibabacloud
Create the backup into OSS bucket
Restore the backup in the same cluster or another cluster
Run velero on AzureCloud to migrate the Kubernetes resources
Migrate the OSS bucket to the Azure storage account
Create Credentials file for azure Velero
Install the velero and velero-plugin for azurecloud
Test the backup and restore/migrate from the storage account

Run velero on AlibabaCloud

To do backup/restore on Alibaba Cloud via Valero utility, you need to install and configure Valero-plugin for Alibaba Cloud.

Download the official release of velero & install

https://github.com/vmware-tanzu/velero/releases/tag/v<velero_version>

tar -xvf <RELEASE-TARBALL-NAME>.tar.gz

Note: Move the extracted velero binary to somewhere in your $PATH (e.g. /usr/local/bin)

Create OSS bucket on Alibaba cloud

BUCKET=<YOUR_BUCKET> REGION=<YOUR_REGION>ossutil mb oss://$BUCKET \ --storage-class Standard \ --acl=private

Create an RAM user and secrets file for Velero

{ "Version": "1", "Statement": [ { "Action": [ "ecs:DescribeSnapshots", "ecs:CreateSnapshot", "ecs:DeleteSnapshot", "ecs:DescribeDisks", "ecs:CreateDisk", "ecs:Addtags", "oss:PutObject", "oss:GetObject", "oss:DeleteObject", "oss:GetBucket", "oss:ListObjects" ], "Resource": [ "*" ], "Effect": "Allow" } ] }

Create an access key and secret key for the user.
Create a Velero-specific credentials file example: credentials-velero

ALIBABA_CLOUD_ACCESS_KEY_ID=<ALIBABA_CLOUD_ACCESS_KEY_ID> ALIBABA_CLOUD_ACCESS_KEY_SECRET=<ALIBABA_CLOUD_ACCESS_KEY_SECRET> ALIBABA_CLOUD_OSS_ENDPOINT=<ALIBABA_CLOUD_OSS_ENDPOINT>

Note: oss endpoint is the value oss-$REGION.aliyuncs.com

Install the velero and velero-plugin for alibabacloud

kubectl create namespace velerovelero install \ --provider alibabacloud \ --namespace velero \ --image registry.$REGION.aliyuncs.com/acs/velero:1.4.2-2b9dce65-aliyun \ --bucket $BUCKET \ --secret-file ./credentials-velero \ --use-volume-snapshots=false \ --backup-location-config region=$REGION \ --use-restic \ --plugins registry.$REGION.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.0.0-2d33b89 \ --waitkubectl logs deploy/velero -n velero

Create the backup into the OSS bucket

1. velero backup create my-backup 2. velero backup logs my-backup

Create a new cluster and restore the backup using velero

Note: If we will create a new cluster, follow the above steps to Install the velero and velero-plugin for alibabacloud k8s cluster

velero get backup

Run velero on AzureCloud

To do backup/migrate on Alibaba Cloud through Velero utility, you need to install and configure velero and velero-plugin for azurecloud.

Migrate the OSS bucket to the Azure storage account

1. STORAGE_ACCOUNT='Name' 2. STORAGE_RESOURCE_GROUP='RG_name' 3. az storage account create -n $STORAGE_ACCOUNT -g $STORAGE_RESOURCE_GROUP1. STORAGE_CONTAINER_NAME='Container_name' 2. az storage container create --account-name $STORAGE_ACCOUNT -n $STORAGE_CONTAINER_NAME

1. azcopy cp "/root/uat-noon1/*" "https://storageaccount.blob.core.windows.net/new1?XXXXXXXXXXXX --recursive=true.

Create Credentials file for azure Velero

1. AZURE_RESOURCE_GROUP=$(az aks show -n mycluster -g myresourcegroup --query "nodeResourceGroup" -o tsv)1. AZURE_SUBSCRIPTION_ID=$(az account list --query '[?isDefault].id' -o tsv) 2. AZURE_TENANT_ID=$(az account list --query '[?isDefault].tenantId' -o tsv)1. AZURE_CLIENT_SECRET=$(az ad sp create-for-rbac --name "mycluster-velero" --role "Contributor" --query 'password' -o tsv) 2. AZURE_CLIENT_ID=$(az ad sp list --display-name "mycluster-velero" --query '[0].appId' -o tsv)cat << EOF > ./credentials-velero-azure AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} AZURE_TENANT_ID=${AZURE_TENANT_ID} AZURE_CLIENT_ID=${AZURE_CLIENT_ID} AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} AZURE_CLOUD_NAME=AzurePublicCloud EOF

Install the velero and velero-plugin for azurecloud

1. kubectl create ns velero 2. kubectl create secret generic velero-credentials -n velero --from-literal="cloud=$(cat ./credentials-velero-azure)"helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-chartshelm install velero vmware-tanzu/velero --namespace velero --version 2.13.2 \ --set "initContainers[0].image=velero/velero-plugin-for-microsoft-azure:v1.1.0" \ --set "initContainers[0].imagePullPolicy=IfNotPresent" \ --set "initContainers[0].volumeMounts[0].mountPath=/target" \ --set "initContainers[0].volumeMounts[0].name=plugins" \ --set "initContainers[0].name=velero-plugin-for-azure" \ --set credentials.existingSecret='velero-credentials' \ --set configuration.provider='azure' \ --set configuration.backupStorageLocation.bucket=$STORAGE_CONTAINER_NAME \ --set configuration.backupStorageLocation.config.resourceGroup=$STORAGE_RESOURCE_GROUP \ --set configuration.backupStorageLocation.config.storageAccount=$STORAGE_ACCOUNT \ --set configuration.backupStorageLocation.config.subscriptionId=$AZURE_SUBSCRIPTION_ID \ --set configuration.volumeSnapshotLocation.name='azure-eastus' \ --set configuration.volumeSnapshotLocation.config.resourceGroup=$STORAGE_RESOURCE_GROUP \ --set configuration.volumeSnapshotLocation.config.subscriptionId=$AZURE_SUBSCRIPTION_IDkubectl get pods -n velero

Testing the backup and restore/migrate from the storage account

Note: Backup restore starts and it will take some time

Conclusion:

Valero is an open-source tool for securely backing up and restoring resources in the Kubernetes cluster, performing disaster recovery, moving resources and persistent volumes to another Kubernetes cluster. The best part about the Valero tool is that you need not worry about your Kubernetes cluster, it will take auto backup on a timely basis. Last but not least it has the capabilities to restore the complete Kubernetes cluster or the basis of namespaces in another cluster if something goes wrong with your Kubernetes cluster.

Originally published at http://blog.opstree.com on April 5, 2022.