Kubernetes Part 9: Backup Kubernetes with Velero & Minio


Backup Kubernetes with Velero & Minio

Kubernetes can be reinstalled quickly by reapplying your deployment YAML files after a fresh install. However, in some scenarios a backup can be very useful (see list below).

  • Backup stateful applications
  • Backup applications installed in a non-declarative way
  • Backup PVC information
  • Cluster migrations
  • Replicate cluster configurations (for example, from production to testing or development clusters)

To back up Kubernetes we are going to use a tool called Velero.

- Install and configure Minio S3 storage 

Velero works with S3 storage to store its backups. S3 is only provided by Amazon AWS, but since its source code is open-source, there is excellent software to emulate this. This software is called Minio and you run it via a Docker container. You can find the quickstart guide here. You can run it on Windows, Mac, Linux, etc.

- Install Minio on a Synology NAS (to emulate S3 storage)

I have an excellent blog from Jonah Aragon which explains how to install Minio as a Docker container on a Synology NAS. Click here to view his blog. (If you see any message about account creation on medium.com, just open the website in the incognito mode of your browser.)

After the installation you need to create a bucket called backup-k8s. (I use this bucket name in the examples in the rest of the blog, but you can give the bucket any name you want.) Also note the access key and the secret key you are using in Minio. You will need them to configure the backup.

When Minio is in place we can install Velero.

- Install Velero (binary)

SSH (putty) into your k8s-master node and run the commands below to install and configure Velero

#Download Velero
wget https://github.com/vmware-tanzu/velero/releases/download/v1.12.0/velero-v1.12.0-linux-arm64.tar.gz

# Unpack Velero
tar zxf velero-v1.12.0-linux-arm64.tar.gz

# Move velero to /usr/local/bin directory
sudo mv velero-v1.12.0-linux-arm64/velero /usr/local/bin 

#remove tar and sources
rm -rf velero* 

- Create Credential file (required for velero initialization)

Use the command below to create the secret file used to access your S3 storage. Change the red values into the access key and secret key you have configured for Minio.

# Create credential file (needed for velero initialization)
cat <<EOF>> minio.credentials
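
The heredoc above is cut off on this page. As an added example (not from the original post), the functions below write the file in the AWS-style profile format that the Velero AWS plugin reads, keep it readable by the owner only, and check the result. The function names are hypothetical and the key values are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# write_minio_credentials FILE ACCESS_KEY SECRET_KEY
# Writes the AWS-style profile that velero's --secret-file expects.
write_minio_credentials() {
    local file="$1" access_key="$2" secret_key="$3"
    if [ -z "$file" ] || [ -z "$access_key" ] || [ -z "$secret_key" ]; then
        echo "usage: write_minio_credentials FILE ACCESS_KEY SECRET_KEY" >&2
        return 2
    fi
    # Subshell: the restrictive umask applies only to this write.
    (
        umask 077
        # '>' truncates; '>>' would append a duplicate profile on every re-run.
        cat > "$file" <<EOF
[default]
aws_access_key_id = ${access_key}
aws_secret_access_key = ${secret_key}
EOF
    ) || return 1
    # A pre-existing file keeps its old mode, so set it explicitly.
    chmod 600 "$file"
}

# check_credentials_file FILE
# Succeeds only if FILE is mode 600 and contains both non-empty keys.
check_credentials_file() {
    local file="$1" mode
    [ -f "$file" ] || { echo "$file: not found" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ]; then
        echo "$file: mode $mode, expected 600" >&2
        return 1
    fi
    grep -q '^aws_access_key_id = ..*' "$file" &&
        grep -q '^aws_secret_access_key = ..*' "$file"
}

# Usage (values are read without echo so they stay out of shell history):
#   read -rs -p 'Minio access key: ' AK; echo
#   read -rs -p 'Minio secret key: ' SK; echo
#   write_minio_credentials ./minio.credentials "$AK" "$SK"
#   check_credentials_file ./minio.credentials
```

Once velero install has run, the keys are stored in the cluster as the cloud-credentials secret in the velero namespace, so the local minio.credentials file can be deleted from the master node.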

- Install Velero in the Kubernetes Cluster

Run the following command (cut/paste as one) to install Velero in your Kubernetes cluster. Change the red values:
  • bucket: the name of the bucket you have created in Minio
  • backup-location-config: change the xxx.xxx.xxx.xxx into the IP address of your Minio server.

velero install \
   --provider aws \
   --plugins velero/velero-plugin-for-aws-arm:main \
   --bucket backup-k8s \
   --secret-file ./minio.credentials \
   --use-volume-snapshots=false \
   --backup-location-config region=minio,s3ForcePathStyle=true,s3Url=https://xxx.xxx.xxx.xxx:9000 

Below are some backup example commands for one-time backups. The red values are examples.

# Backup ALL resources in the cluster (the whole cluster)
velero backup create my-backup-20200515

# Backup a namespace
velero backup create my-backup-20200515 --include-namespaces namespace_to_backup

# Backup ALL namespaces except ones specified
velero backup create my-backup-20200515 --exclude-namespaces namespace_1_to_exclude,namespace_2_to_exclude

After you have run backups you should see them appear in your Minio S3 storage.

- Schedule backups

You can create a schedule with the command below. The schedule is in cron job format (click here for additional info about the cron format). In the example below the schedule is set to a backup every day at 18:00.

velero create schedule myapp-backup-daily --schedule="0 18 * * *" --include-namespaces namespace_to_backup

Velero will back up all resources included in your selection (pods, deployments, services, …).

The default backup retention is 30 days. If you want to change it, add the --ttl flag. This flag allows you to specify the backup retention period, with the value given in hours, minutes and seconds in the form --ttl 24h0m0s. If not specified, a default TTL value of 30 days will be applied.

- Restore a backup

velero restore create --from-backup backup_name

You can also restore separate namespaces.

- Other useful commands

# To show all stored backups list (name, status, creation and expiration date)
velero get backups

# To show one specific backup details
velero describe backup backup_name

# To show the log of a specific backup
velero backup logs backup_name

Hope this blog was helpful. I also recommend watching the video (link below) from Just Me and Open Source. He has made an excellent series of videos on Kubernetes.

If you have any questions, do not hesitate to leave a comment. Dumb questions are the ones that have not been asked.

More info:
- The excellent video from Just Me and Open Source