VK Cloud logo
Updated atDecember 15, 2023   02:10 PM

Installing Velero

Velero is a client-server utility for backing up and restoring Kubernetes cluster resources.

Installation

  1. Make sure that:

  2. Make sure that you can connect to the cluster with kubectl.

  3. Install OpenStack CLI if it is not already installed. Make sure that you can authorize in the cloud using it.

  4. Create a Hotbox bucket to store backups in the Object Storage service.

  5. Create an account in the Object Storage service.

    Save the account's key ID and secret to the s3_creds file:

    1[default]
    2aws_access_key_id=<Access Key ID>
    3aws_secret_access_key=<Secret Key>
  6. Determine which version of Velero is compatible with the Kubernetes cluster version you want to install Velero in.

  7. Download the correct version of the Velero client.

  8. Determine the version of the AWS plugin that is compatible with Velero version.

  9. Add the path to the client to the environment variable:

    • Path for Windows.
    • PATH for Linux/macOS.
  10. Install the server part of Velero in the Kubernetes cluster. In the command, specify the name of the bucket created for Velero and the path to the s3_creds file with the account data:

    1velero install \
    2--plugins \
    3  velero/velero-plugin-for-aws:v<selected AWS plugin version>,registry.infra.mail.ru:5010/velero/velero-plugin-mcs:v1.2.2 \
    4--provider aws \
    5--bucket <Velero bucket name> \
    6--secret-file <path to s3_creds file> \
    7--use-volume-snapshots=false \
    8--backup-location-config \
    9  region=ru-msk,s3ForcePathStyle="true",s3Url=https://hb.bizmrg.com:443

    After the installation is complete, a message will be displayed:

    Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
  11. Create a Kubernetes secret so that the server part of Velero can authorize in the VK Cloud:

    1kubectl -n velero create secret generic openstack-cloud-credentials \
    2  --from-literal OS_PROJECT_ID=$OS_PROJECT_ID \
    3  --from-literal OS_REGION_NAME=$OS_REGION_NAME \
    4  --from-literal OS_IDENTITY_API_VERSION=$OS_IDENTITY_API_VERSION \
    5  --from-literal OS_PASSWORD=$OS_PASSWORD \
    6  --from-literal OS_AUTH_URL=$OS_AUTH_URL \
    7  --from-literal OS_USERNAME=$OS_USERNAME \
    8  --from-literal OS_INTERFACE=$OS_INTERFACE \
    9  --from-literal OS_FILE_OPERATION_TIMEOUT=$OS_FILE_OPERATION_TIMEOUT \
    10  --from-literal OS_DOMAIN_NAME=$OS_USER_DOMAIN_NAME \
    11  -o yaml

    Output should contain a similar information:

    1apiVersion: v1
    2data:
    3  OS_AUTH_URL: ...
    4  OS_DOMAIN_NAME: ...
    5  ...
    6kind: Secret
    7metadata:
    8  creationTimestamp: ...
    9  name: openstack-cloud-credentials
    10  namespace: velero
    11  resourceVersion: ...
    12  selfLink: ...
    13  uid: ...
    14type: Opaque
  12. Patch the Velero deployment in the cluster. This is needed for:

    • limiting resource consumption by Velero plugins for AWS and VK Cloud;

    • specifying the secret with variables for authorization in VK Cloud.

    1. Create a file with the patch:

    2. Apply the patch to the Velero deployment:

      kubectl patch deployment velero -n velero --patch-file velero-patch.yaml

      The Velero deployment will be patched and restarted.

  13. Create a default snapshot location by running the command:

    velero snapshot-location create default --provider openstack --config region=ru-msk

Checking Velero operation

  1. Run the command to check the configured plugins:

    velero plugin get

    The output of the command should contain the following plugins:

    1NAME                                        KIND
    2...                                         ...
    3velero.io/aws                               VolumeSnapshotter
    4velero.io/openstack                         VolumeSnapshotter
  2. Run the command to check the configured backup locations:

    velero backup-location get

    A similar information should be displayed:

    1NAME      PROVIDER   BUCKET/PREFIX   PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
    2default   aws        ...             Available   ...                             ReadWrite     true
  3. Run the command to check the configured snapshot locations:

    velero snapshot-location get

    A similar information should be displayed:

    1NAME      PROVIDER
    2default   openstack

Deletion

Run the command:

velero uninstall