Backup Kubernet with Velero & Minio
Kubernetes can be reinstalled in a very pretty quick way, by just reapplying your deployment yaml files after a fresh install. However, in some scenario's backup can be very useful (see list below).
- Backup stateful applications
- Backup applications installed in a non-declarative way
- Backup PVC information
- Cluster migrations
- Replicate cluster configurations (for example, from production to testing or development clusters)
- Install and configure Minio S3 storage
Velero works with S3 storage to store its backups. S3 is only provided by Amazon AWS, but since its source code is open-source, there is excellent software to emulate this. This software is called Minio and you run it via a docker container. You can find the quickstart guide here. You can run it Windows, Mac, Linux etc..
- Install Minio on a Synology NAS (to emulatie S3 storage)
I have an excellent blog from Jonah Aragon which explains how-to install Minio as docker container on a Synology NAS. Click here to view his blog. (If you see any message about account creation of medium.com, just open the website in the incognito mode of your browser).
After the installation you need to create a bucket called backup-k8s. (I use this bucketname in the examples of the rest of the blog, but you can give the bucket every name you want). Also note the access key and the secret key you are using in Minio. You will need it to configure the backup.
When minio is in place we can install Velero.
- Install Velero (binary)
SSH (putty) into your k8s-master node and run the commands below to install and configure Velero
#Download Velero wget https://github.com/vmware-tanzu/velero/releases/download/v1.5.1/velero-v1.5.1-linux-arm64.tar.gz # Unpack Velero tar zxf velero-v1.5.1-linux-arm64.tar.gz # Move velero to /usr/local/bin directory sudo mv velero-v1.5.1-linux-arm64/velero /usr/local/bin #remove tar and sources rm -rf velero*
#Create creditional file (needed for velero initialization) cat <<EOF>> minio.credentials [default] aws_access_key_id=minio aws_secret_access_key=minio123 EOF
- bucket: the bucketname you have created in minio
- backup-location-config: change the xxx.xxx.xxx.xxx into the ip adres of your minio server.
velero install \ --use-restic \ --provider aws \ --plugins velero/velero-plugin-for-aws-arm:main \ --bucket backup-k8s \ --secret-file ./minio.credentials \ --use-volume-snapshots=false \ --backup-location-config region=minio,s3ForcePathStyle=true,s3Url=https://xxx.xxx.xxx.xxx:9000
# Backu# ALL resources in the cluster (the whole cluster) velero backup create my-backup-20200515 # Backup a namespace velero backup create my-backup-20200515 --include-namespaces namespace_to_backup # Backup ALL namespaces except ones specified velero backup create my-backup-20200515 --exclude-namespaces namespace_1_to_exclude,namespace_2_to_exclude
velero create schedule myapp-backup-daily --schedule="0 18 * * *" --include-namespaces namespace_to_backup
velero restore create --from-backup backup_name
# To show all stored backups list (name, status, creation and expiration date) velero get backups # To show one specific backup details velero describe ackup backup_name # To show the log of a specific backup velero logs backup backup_name
- The excellent video from Just Me and Open Source