Installing Velero
Velero is a client-server utility for backing up and restoring Kubernetes cluster resources.
-
Make sure that:
- Either the worker node groups have at least 2 vCPUs available;
- Or automatic scaling is enabled.
-
Make sure that you can connect to the cluster with
kubectl. -
Install OpenStack CLI if it is not already installed. Make sure that you can authorize in the cloud using it.
-
Create a Hotbox bucket to store backups in the Object Storage service.
-
Create an account in the Object Storage service.
Save the account's key ID and secret to the
s3_credsfile:[default]aws_access_key_id=<Access Key ID>aws_secret_access_key=<Secret Key> -
Determine which version of Velero is compatible with the Kubernetes cluster version you want to install Velero in.
-
Download the correct version of the Velero client.
-
Determine the version of the AWS plugin that is compatible with Velero version.
-
Add the path to the client to the environment variable:
Pathfor Windows.PATHfor Linux/macOS.
-
Install the server part of Velero in the Kubernetes cluster. In the command, specify the name of the bucket created for Velero and the path to the
s3_credsfile with the account data:Linux/macOSWindowsvelero install \--plugins \velero/velero-plugin-for-aws:v<selected AWS plugin version>,registry.infra.mail.ru:5010/velero/velero-plugin-mcs:v1.2.2 \--provider aws \--bucket <Velero bucket name> \--secret-file <path to s3_creds file> \--use-volume-snapshots=false \--backup-location-config \region=ru-msk,s3ForcePathStyle="true",s3Url=https://hb.bizmrg.com:443After the installation is complete, a message will be displayed:
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status. -
Create a Kubernetes secret so that the server part of Velero can authorize in the VK Cloud:
Linux/macOSWindowskubectl -n velero create secret generic openstack-cloud-credentials \--from-literal OS_PROJECT_ID=$OS_PROJECT_ID \--from-literal OS_REGION_NAME=$OS_REGION_NAME \--from-literal OS_IDENTITY_API_VERSION=$OS_IDENTITY_API_VERSION \--from-literal OS_PASSWORD=$OS_PASSWORD \--from-literal OS_AUTH_URL=$OS_AUTH_URL \--from-literal OS_USERNAME=$OS_USERNAME \--from-literal OS_INTERFACE=$OS_INTERFACE \--from-literal OS_FILE_OPERATION_TIMEOUT=$OS_FILE_OPERATION_TIMEOUT \--from-literal OS_DOMAIN_NAME=$OS_USER_DOMAIN_NAME \-o yamlOutput should contain a similar information:
apiVersion: v1data:OS_AUTH_URL: ...OS_DOMAIN_NAME: ......kind: Secretmetadata:creationTimestamp: ...name: openstack-cloud-credentialsnamespace: veleroresourceVersion: ...selfLink: ...uid: ...type: Opaque -
Patch the Velero deployment in the cluster. This is needed for:
-
limiting resource consumption by Velero plugins for AWS and VK Cloud;
-
specifying the secret with variables for authorization in VK Cloud.
-
Create a file with the patch:
-
Apply the patch to the Velero deployment:
kubectl patch deployment velero -n velero --patch-file velero-patch.yamlThe Velero deployment will be patched and restarted.
-
-
Create a default snapshot location by running the command:
velero snapshot-location create default --provider openstack --config region=ru-msk
-
Run the command to check the configured plugins:
velero plugin getThe output of the command should contain the following plugins:
NAME KIND... ...velero.io/aws VolumeSnapshottervelero.io/openstack VolumeSnapshotter -
Run the command to check the configured backup locations:
velero backup-location getA similar information should be displayed:
NAME PROVIDER BUCKET/PREFIX PHASE LAST VALIDATED ACCESS MODE DEFAULTdefault aws ... Available ... ReadWrite true -
Run the command to check the configured snapshot locations:
velero snapshot-location getA similar information should be displayed:
NAME PROVIDERdefault openstack
Run the command:
velero uninstall