Velero search & practice 20210609
0 likes685 views
Velero is an open-source tool designed for backup, restore, and disaster recovery of Kubernetes cluster resources and persistent volumes, supporting data migration and scheduling actions. The document explains Velero's installation, configuration with various cloud providers, backup workflow, and backup and restore hooks. It includes a detailed overview of supported providers, installation commands, and practical usage scenarios for creating and restoring backups.
![Set up server - helm
helm install velero vmware-tanzu/velero
--namespace velero
--create-namespace
-f velero-values.yaml
configuration:
provider: aws
backupStorageLocation:
bucket: velero
config:
region: default
s3ForcePathStyle: true
publicUrl: http://172.18.0.155:9000
s3Url: http://minio.minio.svc.cluster.local:9000
volumeSnapshotLocation:
config:
region: default
credentials:
useSecret: true
secretContents:
cloud: |
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
….
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.1.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins](https://image.slidesharecdn.com/velerosearchpractice20210609-210615024253/85/Velero-search-amp-practice-20210609-19-320.jpg)
![Backup Hooks (Pre/Post)
● pre(post).hook.backup.velero.io/container
○ The container where the command should be executed. Defaults to the first container in the pod.
Optional.
● pre(post).hook.backup.velero.io/command
○ The command to execute. If you need multiple arguments, specify the command as a JSON array, such as
["/usr/bin/uname", "-a"]
● pre(post).hook.backup.velero.io/on-error
○ What to do if the command returns a non-zero exit code. Defaults to Fail. Valid values are Fail and
Continue. Optional.
● pre(post).hook.backup.velero.io/timeout
○ How long to wait for the command to execute. The hook is considered in error if the command exceeds
the timeout. Defaults to 30s. Optional.](https://image.slidesharecdn.com/velerosearchpractice20210609-210615024253/85/Velero-search-amp-practice-20210609-23-320.jpg)
Velero search & practice 20210609
- 2. Overview Velero 1.6 ● Introduction ● Install ● Use ● Practice ● QA
- 3. Introduction
- 4. Introduction Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes Aiming to help with: ● Disaster Recovery: Recover from an issue ● Data Migration: Migrate apps between clusters ● Data Protection: Scheduled Actions
- 5. Etcd backup vs. Velero bacup ● Etcd's backup/restore tooling is good for recovering from data loss in a single etcd cluster ● you don't have access to etcd (e.g. you're running on GKE) ● backing up both Kubernetes resources and persistent volume state ● cluster migrations ● backing up a subset of your Kubernetes resources ● backing up Kubernetes resources that are stored across multiple etcd clusters (for example if you run a custom apiserver)
- 6. Velero CRD ● backups.velero.io ● backupstoragelocations.velero.io ● deletebackuprequests.velero.io ● downloadrequests.velero.io ● podvolumebackups.velero.io ● podvolumerestores.velero.io ● resticrepositories.velero.io ● restores.velero.io ● schedules.velero.io ● serverstatusrequests.velero.io ● volumesnapshotlocations.velero.io
- 7. Backup workflow ● On-demand ● Scheduled
- 8. Backup Storage Locations and Volume Snapshot Locations ● BackupStorageLocation (Velero backups) ○ Bucket (Object Store) ○ K8s resources ○ One or more ● VolumeSnapshotLocation (associated persistent) ○ defined entirely by provider-specific fields (AWS region, Azure resource group, Portworx snapshot type, etc. ○ One or more
- 9. Backup Storage Locations and Volume Snapshot Locations Conts. ● Single Velero backup snapshots ○ Multiple Persistent Volume (both EBS volumes and Portworx volumes) ● Multiple Velero backups to different Buckets ○ eastern USA region ○ western USA region ○ or to a different storage provider ● volume providers that support (Portworx) ○ you can have some snapshots stored locally on the cluster and have others stored in the cloud
- 10. Backup Storage Locations and Volume Snapshot Locations Conts. ● It is not possible (yet) to send a single Velero backup to multiple backup storage locations simultaneously ● Cross-provider snapshots are not supported ● Other Limitations / Caveats
- 11. Install
- 12. Install ● Client (CLI) ● Server ○ Plugins ○ Enable restic integration --use-restic ○ Default Pod Volume backup to restic --default-volumes-to-restic ○ Customize resource requests and limits ○ Configure more than one storage location for backups or volume snapshots ○ Install an additional volume snapshot provider
- 13. Providers ● Velero supported providers ● Community supported providers ● S3-Compatible object store providers ● Non-supported volume snapshots
- 14. Providers - Velero supported providers
- 15. Providers - Community supported providers
- 16. Providers - S3-Compatible object store providers ● IBM Cloud ● Oracle Cloud ● Minio ● DigitalOcean ● NooBaa ● Tencent Cloud ● Ceph RADOS v12.2.7 ● Quobyte ● Cloudian HyperStore
- 17. Providers - Non-supported volume snapshots In the case you want to take volume snapshots but didn’t find a plugin for your provider, Velero has support for snapshotting using restic. Please see the restic integration documentation.
- 18. Set up server velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.0.0 --bucket velero --secret-file ./credentials-velero-minio --use-volume-snapshots=true --backup-location-config region=default,s3ForcePathStyle="true",s3Url=http://minio.infra.svc.cluster.local:9000 --snapshot-location-config region="default" --use-restic --wait velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.2.0 --bucket velero --secret-file ./credentials-velero-minio --use-volume-snapshots=true --backup-location-config region=default,s3ForcePathStyle="true",s3Url=http://minio.infra.svc.cluster.local:9000 --snapshot-location-config region="default" --use-restic --wait
- 19. Set up server - helm helm install velero vmware-tanzu/velero --namespace velero --create-namespace -f velero-values.yaml configuration: provider: aws backupStorageLocation: bucket: velero config: region: default s3ForcePathStyle: true publicUrl: http://172.18.0.155:9000 s3Url: http://minio.minio.svc.cluster.local:9000 volumeSnapshotLocation: config: region: default credentials: useSecret: true secretContents: cloud: | [default] aws_access_key_id = minio aws_secret_access_key = minio123 …. initContainers: - name: velero-plugin-for-aws image: velero/velero-plugin-for-aws:v1.1.0 imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /target name: plugins
- 20. Use
- 21. Disaster recovery The default backup retention period, expressed as TTL (time to live), is 30 days (720 hours). --ttl <DURATION> flag to change this as necessary velero schedule create <SCHEDULE NAME> --schedule "0 7 * * *"
- 22. Resource filtering (Support Backup and Restore) ● Includes ○ –include-namespaces ○ –include-resources ○ –include-cluster-resources ○ –selector ● Excludes ○ –exclude-namespaces ○ –exclude-resources ○ velero.io/exclude-from-backup=true
- 23. Backup Hooks (Pre/Post) ● pre(post).hook.backup.velero.io/container ○ The container where the command should be executed. Defaults to the first container in the pod. Optional. ● pre(post).hook.backup.velero.io/command ○ The command to execute. If you need multiple arguments, specify the command as a JSON array, such as ["/usr/bin/uname", "-a"] ● pre(post).hook.backup.velero.io/on-error ○ What to do if the command returns a non-zero exit code. Defaults to Fail. Valid values are Fail and Continue. Optional. ● pre(post).hook.backup.velero.io/timeout ○ How long to wait for the command to execute. The hook is considered in error if the command exceeds the timeout. Defaults to 30s. Optional.
- 24. Velero backup create # Create a backup containing all resources. velero backup create backup1 # Create a backup including only the nginx namespace. velero backup create nginx-backup --include-namespaces nginx # Create a backup excluding the velero and default namespaces. velero backup create backup2 --exclude-namespaces velero,default # Create a backup based on a schedule named daily-backup. velero backup create --from-schedule daily-backup # View the YAML for a backup that doesn't snapshot volumes, without sending it to the server. velero backup create backup3 --snapshot-volumes=false -o yaml # Wait for a backup to complete before returning from the command. velero backup create backup4 --wait
- 25. Restore Hooks ● InitContainer Restore Hooks ○ init.hook.restore.velero.io/container-image ○ init.hook.restore.velero.io/container-name ○ init.hook.restore.velero.io/command ● Exec Restore Hooks ○ post.hook.restore.velero.io/container ○ post.hook.restore.velero.io/command ○ post.hook.restore.velero.io/on-error ○ post.hook.restore.velero.io/exec-timeout ○ post.hook.restore.velero.io/wait-timeout
- 26. Practice
- 27. Backup from KIND and Restore to KIND
- 28. Backup from GKE and Restore to GKE
- 29. Migrate KIND to GKE
- 30. Q&A