Installing Velero
Velero is a client-server utility for backing up and restoring Kubernetes cluster resources.
-
Make sure that:
- Either the worker node groups have at least 2 vCPUs available;
- Or automatic scaling is enabled.
-
Make sure that you can connect to the cluster with
kubectl
. -
Install OpenStack CLI if it is not already installed. Make sure that you can authorize in the cloud using it.
-
Create a Hotbox bucket to store backups in the Object Storage service.
-
Create an account in the Object Storage service.
Save the account's key ID and secret to the
s3_creds
file:1[default] 2aws_access_key_id=<Access Key ID> 3aws_secret_access_key=<Secret Key>
-
Determine which version of Velero is compatible with the Kubernetes cluster version you want to install Velero in.
-
Download the correct version of the Velero client.
-
Determine the version of the AWS plugin that is compatible with Velero version.
-
Add the path to the client to the environment variable:
Path
for Windows.PATH
for Linux/macOS.
-
Install the server part of Velero in the Kubernetes cluster. In the command, specify the name of the bucket created for Velero and the path to the
s3_creds
file with the account data:Linux/macOSWindows1velero install \ 2--plugins \ 3 velero/velero-plugin-for-aws:v<selected AWS plugin version>,registry.infra.mail.ru:5010/velero/velero-plugin-mcs:v1.2.2 \ 4--provider aws \ 5--bucket <Velero bucket name> \ 6--secret-file <path to s3_creds file> \ 7--use-volume-snapshots=false \ 8--backup-location-config \ 9 region=ru-msk,s3ForcePathStyle="true",s3Url=https://hb.bizmrg.com:443
After the installation is complete, a message will be displayed:
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
-
Create a Kubernetes secret so that the server part of Velero can authorize in the VK Cloud:
Linux/macOSWindows1kubectl -n velero create secret generic openstack-cloud-credentials \ 2 --from-literal OS_PROJECT_ID=$OS_PROJECT_ID \ 3 --from-literal OS_REGION_NAME=$OS_REGION_NAME \ 4 --from-literal OS_IDENTITY_API_VERSION=$OS_IDENTITY_API_VERSION \ 5 --from-literal OS_PASSWORD=$OS_PASSWORD \ 6 --from-literal OS_AUTH_URL=$OS_AUTH_URL \ 7 --from-literal OS_USERNAME=$OS_USERNAME \ 8 --from-literal OS_INTERFACE=$OS_INTERFACE \ 9 --from-literal OS_FILE_OPERATION_TIMEOUT=$OS_FILE_OPERATION_TIMEOUT \ 10 --from-literal OS_DOMAIN_NAME=$OS_USER_DOMAIN_NAME \ 11 -o yaml
Output should contain a similar information:
1apiVersion: v1 2data: 3 OS_AUTH_URL: ... 4 OS_DOMAIN_NAME: ... 5 ... 6kind: Secret 7metadata: 8 creationTimestamp: ... 9 name: openstack-cloud-credentials 10 namespace: velero 11 resourceVersion: ... 12 selfLink: ... 13 uid: ... 14type: Opaque
-
Patch the Velero deployment in the cluster. This is needed for:
-
limiting resource consumption by Velero plugins for AWS and VK Cloud;
-
specifying the secret with variables for authorization in VK Cloud.
-
Create a file with the patch:
-
Apply the patch to the Velero deployment:
kubectl patch deployment velero -n velero --patch-file velero-patch.yaml
The Velero deployment will be patched and restarted.
-
-
Create a default snapshot location by running the command:
velero snapshot-location create default --provider openstack --config region=ru-msk
-
Run the command to check the configured plugins:
velero plugin get
The output of the command should contain the following plugins:
1NAME KIND 2... ... 3velero.io/aws VolumeSnapshotter 4velero.io/openstack VolumeSnapshotter
-
Run the command to check the configured backup locations:
velero backup-location get
A similar information should be displayed:
1NAME PROVIDER BUCKET/PREFIX PHASE LAST VALIDATED ACCESS MODE DEFAULT 2default aws ... Available ... ReadWrite true
-
Run the command to check the configured snapshot locations:
velero snapshot-location get
A similar information should be displayed:
1NAME PROVIDER 2default openstack
Run the command:
velero uninstall