Prerequisites
- AWS CLI needs to be configured in the machine where you execute Velero commands.
- Kubectl needs to be configured with the EKS cluster where you need to take the backup.
Now we have to create an S3 bucket and IAM user to configure the Velero Backup.
To create S3 bucket,
From AWS Console, go to AWS -> S3 -> create bucket
Create an IAM user.
From AWS Console, go to AWS -> IAM Console -> add user
Add the below permission to the user and replace ${BUCKET} with the S3 bucket name which we created for velero.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::${VELERO_BUCKET}/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::${VELERO_BUCKET}"
]
}
]
}
Create a Velero-specific credentials file (credentials-velero) in your machine:
1
2
3
[default]
aws_access_key_id=<AWS_ACCESS_KEY_ID>
aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
Replace AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY witn your Access key and secret key.
INSTALL VELERO Client
Below is a listing of plugin versions and respective Velero versions that are compatible.
| Plugin Version | Velero Version |
|---|---|
| v1.3.x | v1.7.x |
| v1.2.x | v1.6.x |
| v1.1.x | v1.5.x |
| v1.1.x | v1.4.x |
| v1.0.x | v1.3.x |
| v1.0.x | v1.2.0 |
Install Velero binary:
1
wget https://github.com/vmware-tanzu/velero/releases/download/v1.7.0/velero-v1.7.0-linux-amd64.tar.gz
Ref: https://github.com/vmware-tanzu/velero/releases
Extract the tarball:
1
tar -xvf velero-v1.7.0-linux-amd64.tar.gz -C /tmp
Move the extracted velero binary to /usr/local/bin
1
sudo mv /tmp/velero-v1.7.0-linux-amd64/velero /usr/local/bin
Verify installation
velero version
1
2
3
4
5
6
$ velero version
Client:
Version: v1.7.0
Git commit: 9e52260568430ecb77ac38a677ce74267a8c2176
Server:
Version: v1.7.0
Install and start Velero
Install Velero, including all prerequisites, into the cluster and start the deployment. This will create a namespace called velero, and place a deployment named velero in it.
1
2
3
4
5
6
7
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.3.0 \
--bucket $BUCKET \
--backup-location-config region=$REGION \
--snapshot-location-config region=$REGION \
--secret-file ./credentials-velero
Example
1
2
3
4
5
6
7
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.3.0 \
--bucket eks-backups \
--backup-location-config region=us-west-2 \
--snapshot-location-config region=us-west-2 \
--secret-file ./credentials-velero
Inspect the resources created.
1
kubectl get all -n velero
Example
1
2
3
4
5
6
7
8
9
$ kubectl get all -n velero
NAME READY STATUS RESTARTS AGE
pod/velero-fbf6dfbc8-qjlp7 1/1 Running 0 3d19h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/velero 1/1 1 1 3d19h
NAME DESIRED CURRENT READY AGE
replicaset.apps/velero-fbf6dfbc8 1 1 1 3d19h
DEPLOY TEST APPLICATION
Create namespace and deploy the application
1
2
3
kubectl create namespace angel
kubectl create deployment nginx --image=nginx -n angel
1
2
velero backup create <backupname> --include-namespaces <namespacename>
velero backup create test1 --include-namespaces angel
Check the status of backup
1
velero backup describe <backupname>
Check-in S3 bucket : backup is stored in the S3 bucket.
Let’s delete the ‘angel’ namespace to simulate a disaster
1
kubectl delete namespace angel
Restore angel namespace restore: Run the velero restore command from the backup created. It may take a couple of minutes to restore the namespace.
1
2
velero restore create --from-backup <backupname>
velero restore create --from-backup test1
Verify if deployments, replica sets, services, and pods are restored.
To schedule,
1
velero schedule create backup-sample --schedule="05 23 * * *" --include-namespaces sample
That’s it!