Getting Started with Velero: A Beginner's Guide to Kubernetes Backup and Restore

Manish KumarManish Kumar
4 min read

Table of contents

Introduction to Velero

Velero is a tool for backing up and restoring Kubernetes clusters and applications. It provides a simple, flexible, and reliable way to protect your application and data. Velero is designed to be easy to use and operate.

With Velero, you can easily take snapshots of your application's state, including the application's persistent volumes, and store them in a cloud-based object storage provider (such as Amazon S3 or Google Cloud Storage). You can then use these snapshots to restore your application to a previous state or migrate it to a new cluster. Velero also supports scheduling regular backups, as well as disaster recovery scenarios.

To use Velero, you'll need to install it on your Kubernetes cluster and set up a cloud provider account (if you haven't already). You can then use Velero's command-line interface (CLI) or API to take backups and restore them as needed. Velero is open-source and available on GitHub

Prerequisites

  1. Velero Command Line

  2. AWS Command Line (We can use any cloud provider to leverage bucket storage)

  3. Kubernetes Cluster

Install the Velero CLI

Install on macOS

brew install velero

Install on Linux

  1. Download the latest releaseโ€™s tarball for your client platform

  2. Extract the tarball:

     tar -xvf <RELEASE-TARBALL-NAME>.tar.gz

  3. Move the extracted velero binary to somewhere in your $PATH such as /usr/local/bin

Install on Windows

On Windows, you can use Chocolatey to install the velero client:

choco install velero

Install and Configure AWS CLI

Linux

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

macOS

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

Windows

  1. Download and run the AWS CLI MSI installer for Windows (64-bit).

    Windows Installer

  2. Run the following command to install

     msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

Configuration AWS CLI

aws configure   # This command triggers a menu driven program. Just follow the prompts

Configure AWS Resources

  1. Create AWS S3 Bucket for storing backups

     export BUCKET=BUCKET_NAME         # aws s3 bucket name
 export REGION=REGION_NAME        # aws region
 aws s3api create-bucket --bucket $BUCKET --region $REGION \
     --create-bucket-configuration LocationConstraint=$REGION

  2. Create IAM User

     aws iam create-user --user-name velero

  3. Create a policy file for the IAM User.

     {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Action": [
                 "ec2:DescribeVolumes",
                 "ec2:DescribeSnapshots",
                 "ec2:CreateTags",
                 "ec2:CreateVolume",
                 "ec2:CreateSnapshot",
                 "ec2:DeleteSnapshot"
             ],
             "Resource": "*"
         },
         {
             "Effect": "Allow",
             "Action": [
                 "s3:GetObject",
                 "s3:DeleteObject",
                 "s3:PutObject",
                 "s3:AbortMultipartUpload",
                 "s3:ListMultipartUploadParts"
             ],
             "Resource": [
                 "arn:aws:s3:::${BUCKET}/*"
             ]
         },
         {
             "Effect": "Allow",
             "Action": [
                 "s3:ListBucket"
             ],
             "Resource": [
                 "arn:aws:s3:::${BUCKET}"
             ]
         }
     ]
 }

  4. Attach the IAM policy to the user

     aws iam put-user-policy \
   --user-name velero \
   --policy-name velero \
   --policy-document file://velero-policy.json

  5. Create Access Key for the IAM user and store them in a file.

     aws iam create-access-key --user-name velero > /tmp/key.json

  6. Store AccessKeyId and SecretAccessKey for the velero user in vars

     AWS_ACCESS_ID=`cat /tmp/key.json | jq .AccessKey.AccessKeyId | sed s/\"//g`
 AWS_ACCESS_KEY=`cat /tmp/key.json | jq .AccessKey.SecretAccessKey | sed s/\"//g`

  7. Create a credentials file for the user velero

     cat > /tmp/credentials-velero <<EOF
 [default]
 aws_access_key_id=$AWS_ACCESS_ID
 aws_secret_access_key=$AWS_ACCESS_KEY
 EOF

Install Velero

  1. Please make sure that you're logged into Kubernetes Cluster with Cluster-Admin privileges.

  2. Run the following command to install velero:

     velero install \
     --provider aws \
     --plugins velero/velero-plugin-for-aws:v1.5.2 \
     --bucket $BUCKET \
     --backup-location-config region=$REGION \
     --snapshot-location-config region=$REGION \
     --secret-file /tmp/credentials-velero

  3. Verify velero installation

     kubectl -n velero get pods       # Check pods in velero namespace
 kubectl logs deployment/velero -n velero    # Check logs of velero pod

Application Backup

  1. Create a backup of your application. Let's say it's running in namespace namespace-a

     velero backup create backup-a --include-namespaces namespace-a --snapshot-volumes    # This command will create a backup of your namespace and creates snapshots of your application's persistent volumes.

  2. Verify the backup for any possible errors

     # describe
 velero backup describe backup-a

 # logs
 velero backup logs backup-a

Restoring Application from Backup

  1. Restore the application from the backup in another Kubernetes cluster.

     velero restore create --from-backup backup-a

  2. Verify if the application is running in its respective namespace or not.

Schedule Application Backup

  1. Create a daily backup (once in 24 hours).

     velero create schedule schedule-a --schedule="@every 24h" --include-namespaces namespace-a

 # We can also use linux syntax from cronjobs

 velero create schedule schedule-a --schedule="0 */24 * * *" --include-namespaces namespace-a

  2. Create a backup from the schedule we created in step 1.

     velero backup create --from-schedule schedule-a

References

GitHub - Velero

Velero Documentation

Conclusion

In this blog, We have learned about Velero and how to use velero to create a backup, backup schedule and restore applications from the backup. To learn more about these awesome topics, follow KUBESIMPLIFY. Don't forget to like and share this post if you liked this blog. Connect with me on Twitter and Linkedln. Please follow me for such blogs.

Manish Kumar ๐Ÿง‘๐Ÿปโ€๐Ÿ’ป (Hashnode Profile)

0
Subscribe to my newsletter

Read articles from Manish Kumar directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Kubernetesvelero

Written by

Manish Kumar
Manish Kumar

I'm working with Keysight Technologies as a DevOps SRE. I'm passionate about Cloud-Native tools and technologies and often try to write about them when I learn. I'm a RedHat certified specialist in OpenShift Administration (RedHat's CKA).