Know How to Use Velero to Backup and Migrate Kubernetes Resources and Persistent Volumes
“Murphy’s law doesn’t mean that something bad will happen. It means that whatever can happen, will happen.” This may sound like a matter of destiny, but we should not rely on luck and should be prepared for the worst.
The same philosophy applies to the tech world too. That is why we should have backup options ready, whether for a data set or for a Kubernetes cluster.
Kubernetes backup solutions reduce risk and enable faster recovery, providing key benefits such as disaster recovery and backup and restore. We need simple and convenient options for taking Kubernetes backups. While working on a similar project I came to know about Velero, which fulfils our need to back up and restore Kubernetes and is easy to use.
Velero is an open-source tool for securely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and moving resources and persistent volumes to another Kubernetes cluster.
Velero lets you:
- Take backups of your cluster and restore in case of loss.
- Migrate cluster resources to other clusters.
- Replicate your production cluster to development and testing clusters.
Agenda of this blog:
- To set up Velero on AlibabaCloud:
  - Download the official release of velero
  - Create our OSS bucket
  - Create a RAM user and secrets file for Velero
  - Install the velero and velero-plugin for alibabacloud
  - Create the backup into OSS bucket
  - Restore the backup in the same cluster or another cluster
- Run velero on AzureCloud to migrate the Kubernetes resources
  - Migrate the OSS bucket to the Azure storage account
  - Create Credentials file for azure Velero
  - Install the velero and velero-plugin for azurecloud
  - Test the backup and restore/migrate from the storage account
Run velero on AlibabaCloud
To back up and restore on Alibaba Cloud with the Velero utility, you need to install and configure the Velero plugin for Alibaba Cloud.
Download the official release of velero & install
https://github.com/vmware-tanzu/velero/releases/tag/v<velero_version>
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz
Note: Move the extracted velero binary to somewhere in your $PATH (e.g. /usr/local/bin)
Create OSS bucket on Alibaba cloud
BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>
ossutil mb oss://$BUCKET \
    --storage-class Standard \
    --acl=private
Create a RAM user and secrets file for Velero
{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeSnapshots",
                "ecs:CreateSnapshot",
                "ecs:DeleteSnapshot",
                "ecs:DescribeDisks",
                "ecs:CreateDisk",
                "ecs:Addtags",
                "oss:PutObject",
                "oss:GetObject",
                "oss:DeleteObject",
                "oss:GetBucket",
                "oss:ListObjects"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}
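The policy above allows its OSS actions on every bucket in the account ("Resource": "*"). The following added example, which is not part of the original post, generates the same policy with the OSS actions limited to the backup bucket; the function names are hypothetical, the action list is the one shown above, and the ECS statement is left as the post has it.

```bash
# Added example, not from the original post: build the RAM policy with the
# OSS actions limited to one bucket. Function names are hypothetical.

# OSS bucket names: 3-63 characters, lowercase letters, digits and hyphens,
# beginning and ending with a letter or digit. Rejecting anything else also
# keeps quotes and brackets out of the generated JSON.
valid_bucket_name() (
    LC_ALL=C
    case $1 in
        ''|*[!a-z0-9-]*|-*|*-) exit 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
)

# Print the policy for the given bucket on stdout.
scoped_velero_policy() {
    bucket=$1
    if ! valid_bucket_name "$bucket"; then
        echo "invalid OSS bucket name" >&2
        return 1
    fi
    cat <<EOF
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeSnapshots", "ecs:CreateSnapshot", "ecs:DeleteSnapshot",
        "ecs:DescribeDisks", "ecs:CreateDisk", "ecs:Addtags"
      ],
      "Resource": ["*"],
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:PutObject", "oss:GetObject", "oss:DeleteObject",
        "oss:GetBucket", "oss:ListObjects"
      ],
      "Resource": [
        "acs:oss:*:*:${bucket}",
        "acs:oss:*:*:${bucket}/*"
      ],
      "Effect": "Allow"
    }
  ]
}
EOF
}
```

Run `scoped_velero_policy "$BUCKET" > velero-policy.json` and attach the resulting document to the RAM user in place of the wildcard version.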
- Create an access key and secret key for the user.
- Create a Velero-specific credentials file example: credentials-velero
ALIBABA_CLOUD_ACCESS_KEY_ID=<ALIBABA_CLOUD_ACCESS_KEY_ID>
ALIBABA_CLOUD_ACCESS_KEY_SECRET=<ALIBABA_CLOUD_ACCESS_KEY_SECRET>
ALIBABA_CLOUD_OSS_ENDPOINT=<ALIBABA_CLOUD_OSS_ENDPOINT>
Note: oss endpoint is the value oss-$REGION.aliyuncs.com
Install the velero and velero-plugin for alibabacloud
kubectl create namespace velero
velero install \
    --provider alibabacloud \
    --namespace velero \
    --image registry.$REGION.aliyuncs.com/acs/velero:1.4.2-2b9dce65-aliyun \
    --bucket $BUCKET \
    --secret-file ./credentials-velero \
    --use-volume-snapshots=false \
    --backup-location-config region=$REGION \
    --use-restic \
    --plugins registry.$REGION.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.0.0-2d33b89 \
    --wait
kubectl logs deploy/velero -n velero
Create the backup into the OSS bucket
velero backup create my-backup
velero backup logs my-backup
Create a new cluster and restore the backup using velero
Note: If you create a new cluster, follow the steps above to install velero and the velero-plugin for alibabacloud on the new k8s cluster.
velero get backup
Run velero on AzureCloud
To back up/migrate on Alibaba Cloud through the Velero utility, you need to install and configure velero and the velero-plugin for azurecloud.
Migrate the OSS bucket to the Azure storage account
STORAGE_ACCOUNT='Name'
STORAGE_RESOURCE_GROUP='RG_name'
az storage account create -n $STORAGE_ACCOUNT -g $STORAGE_RESOURCE_GROUP
STORAGE_CONTAINER_NAME='Container_name'
az storage container create --account-name $STORAGE_ACCOUNT -n $STORAGE_CONTAINER_NAME
azcopy cp "/root/uat-noon1/*" "https://storageaccount.blob.core.windows.net/new1?XXXXXXXXXXXX" --recursive=true
Create Credentials file for azure Velero
AZURE_RESOURCE_GROUP=$(az aks show -n mycluster -g myresourcegroup --query "nodeResourceGroup" -o tsv)
AZURE_SUBSCRIPTION_ID=$(az account list --query '[?isDefault].id' -o tsv)
AZURE_TENANT_ID=$(az account list --query '[?isDefault].tenantId' -o tsv)
AZURE_CLIENT_SECRET=$(az ad sp create-for-rbac --name "mycluster-velero" --role "Contributor" --query 'password' -o tsv)
AZURE_CLIENT_ID=$(az ad sp list --display-name "mycluster-velero" --query '[0].appId' -o tsv)
cat << EOF > ./credentials-velero-azure
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
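Both credentials-velero (Alibaba Cloud) and credentials-velero-azure hold long-lived secrets in plain text, and an az command that fails leaves an empty value in the heredoc output. The following pre-flight check is an added example, not part of the original post; the function names are hypothetical and the key names are the ones used in the two files above.

```bash
# Added example, not from the original post: check a Velero credentials file
# before passing it to `velero install` or `kubectl create secret`.
# Function names are hypothetical. Values are never printed.
# usage: check_credentials_file FILE KEY [KEY...]
check_credentials_file() {
    file=$1; shift
    rc=0
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible beyond the owner; run chmod 600" >&2
        rc=1
    fi
    for key in "$@"; do
        value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
        case $value in
            '')        echo "$file: $key missing or empty" >&2; rc=1 ;;
            *'<'*'>'*) echo "$file: $key still holds a placeholder" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Keys from the Alibaba Cloud credentials file shown earlier in the post.
check_alibaba_credentials() {
    check_credentials_file "$1" ALIBABA_CLOUD_ACCESS_KEY_ID \
        ALIBABA_CLOUD_ACCESS_KEY_SECRET ALIBABA_CLOUD_OSS_ENDPOINT
}

# Keys written by the heredoc above.
check_azure_credentials() {
    check_credentials_file "$1" AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID \
        AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP \
        AZURE_CLOUD_NAME
}
```

Running `umask 077` before creating either file gives it owner-only permissions from the start; delete the file once the secret exists in the cluster.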
Install the velero and velero-plugin for azurecloud
kubectl create ns velero
kubectl create secret generic velero-credentials -n velero --from-literal="cloud=$(cat ./credentials-velero-azure)"
helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-charts
helm install velero vmware-tanzu/velero --namespace velero --version 2.13.2 \
    --set "initContainers[0].image=velero/velero-plugin-for-microsoft-azure:v1.1.0" \
    --set "initContainers[0].imagePullPolicy=IfNotPresent" \
    --set "initContainers[0].volumeMounts[0].mountPath=/target" \
    --set "initContainers[0].volumeMounts[0].name=plugins" \
    --set "initContainers[0].name=velero-plugin-for-azure" \
    --set credentials.existingSecret='velero-credentials' \
    --set configuration.provider='azure' \
    --set configuration.backupStorageLocation.bucket=$STORAGE_CONTAINER_NAME \
    --set configuration.backupStorageLocation.config.resourceGroup=$STORAGE_RESOURCE_GROUP \
    --set configuration.backupStorageLocation.config.storageAccount=$STORAGE_ACCOUNT \
    --set configuration.backupStorageLocation.config.subscriptionId=$AZURE_SUBSCRIPTION_ID \
    --set configuration.volumeSnapshotLocation.name='azure-eastus' \
    --set configuration.volumeSnapshotLocation.config.resourceGroup=$STORAGE_RESOURCE_GROUP \
    --set configuration.volumeSnapshotLocation.config.subscriptionId=$AZURE_SUBSCRIPTION_ID
kubectl get pods -n velero
Testing the backup and restore/migrate from the storage account
Note: Backup restore starts and it will take some time
Conclusion:
Velero is an open-source tool for securely backing up and restoring resources in a Kubernetes cluster, performing disaster recovery, and moving resources and persistent volumes to another Kubernetes cluster. The best part about Velero is that you need not worry about your Kubernetes cluster: it will take automatic backups on a timely basis. Last but not least, if something goes wrong with your Kubernetes cluster, it can restore the complete cluster, or individual namespaces, into another cluster.
Originally published at http://blog.opstree.com on April 5, 2022.