You can also check my old post, How to deploy a Azure AKS Cluster.
Velero:
Velero (formerly Heptio Ark) gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. Velero lets you:
- Take backups of your cluster and restore in case of loss.
- Migrate cluster resources to other clusters.
- Replicate your production cluster to development and testing clusters.
Velero consists of:
- A server that runs on your cluster
- A command-line client that runs locally
Velero supports a variety of storage providers for different backup and snapshot operations. Velero has a plugin system which allows anyone to add compatibility for additional backup and volume storage platforms without modifying the Velero codebase.
https://velero.io/docs/v1.13/supported-providers
Installing Velero and backing up the AKS cluster:
Download and install the Velero CLI on your local machine.
$ wget https://github.com/vmware-tanzu/velero/releases/download/v1.12.4/velero-v1.12.4-linux-amd64.tar.gz
$ tar -xvf velero-v1.12.4-linux-amd64.tar.gz
$ cd velero-v1.12.4-linux-amd64
$ cp velero /usr/local/bin/

When you use Azure Blob Storage for backups, Velero requires a storage account and a blob container to store the backups.
Create an Azure storage account and blob container.
$ az storage account create --name vbackups1205 --resource-group akscluster0 --sku Standard_GRS --encryption-services blob --https-only true --kind BlobStorage --access-tier Hot
(Note: replace the account name and resource group with your own.)


Create a blob container.
$ az storage container create -n vbackup1205 --public-access off --account-name vbackups1205
(Note: replace the container name and account name with your own.)

You can create a service principal with the Contributor role or use a custom role:
- Contributor role: The Contributor role grants subscription-wide access, so be sure to protect this credential if you assign that role.
- Custom role: If you need a more restrictive role, use a custom role.
Assign the Contributor role:
If you are using Velero to back up multiple clusters with multiple blob containers, you may want to create a unique username for each cluster instead of using the name velero.
Create a service principal with Contributor access.
Get your subscription and tenant ID.
$ az account list --query '[?isDefault].id' -o tsv
$ az account list --query '[?isDefault].tenantId' -o tsv
$ export SUBSCRIPTION_ID=XXXXX
$ export STORAGE_RESOURCE_GROUP=xxx   # e.g. akscluster0
$ export MC_RESOURCE_GROUP=xxxx
(Note: replace xxx with the required details.)
$ az ad sp create-for-rbac \
--name "velero" \
--role "Contributor" \
--query 'password' \
-o tsv \
--scopes /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$STORAGE_RESOURCE_GROUP /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$MC_RESOURCE_GROUP
The command generates a secret for you and prints it. Save the secret.

Create an Azure credentials file.
(Note: replace XX with the required details.)
Get the app ID for the service principal.
$ az ad sp list --display-name "velero" --query '[0].appId' -o tsv
$ cat << EOF > ./credentials-velero
AZURE_SUBSCRIPTION_ID=XXXX
AZURE_TENANT_ID=xxxx
AZURE_CLIENT_ID=xxx
AZURE_CLIENT_SECRET=xxxx
AZURE_RESOURCE_GROUP=xxxx
EOF
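The credentials file holds the service principal secret in plain text, so it is worth creating it owner-only and checking it before velero install reads it. The following is an added example, not part of the original post: the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the five keys are the ones the post's credentials-velero file uses.
VELERO_KEYS="AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP"

# Write the file from same-named shell variables, owner-only from the start.
write_velero_credentials() (
  file=$1
  umask 077            # a newly created file gets mode 0600
  : > "$file"
  chmod 600 "$file"    # tighten a file that already existed with wider bits
  for key in $VELERO_KEYS; do
    eval "val=\${$key-}"   # key names come only from the fixed list above
    printf '%s=%s\n' "$key" "$val" >> "$file"
  done
)

# Return 0 only if the file is owner-only and every key has a real value.
check_velero_credentials() (
  file=$1
  rc=0
  [ -f "$file" ] || { echo "FAIL: $file not found" >&2; exit 2; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $file is accessible beyond its owner" >&2
    rc=1
  fi
  for key in $VELERO_KEYS; do
    val=$(sed -n "s/^$key=//p" "$file" | tail -n 1)
    case $val in
      *[!xX]*) ;;   # contains something other than x/X: treated as filled in
      *) echo "FAIL: $key is empty or still a placeholder" >&2; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Demo on constructed values (not real identifiers) in a throwaway directory.
demo=$(mktemp -d)
AZURE_SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000001
AZURE_TENANT_ID=00000000-0000-0000-0000-000000000002
AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000003
AZURE_CLIENT_SECRET=constructed-secret-value
AZURE_RESOURCE_GROUP=example-resource-group
write_velero_credentials "$demo/credentials-velero"
check_velero_credentials "$demo/credentials-velero" && echo "credentials file OK"
rm -rf "$demo"
```

Once velero install has stored the values as a secret in the cluster, the local copy can be deleted or moved to a secrets manager.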
Deploy Velero on the AKS cluster.
$ velero install \
--provider azure \
--plugins velero/velero-plugin-for-microsoft-azure:main \
--bucket vbackup1205 \
--secret-file ./credentials-velero \
--backup-location-config resourceGroup=akscluster0,storageAccount=vbackups1205 \
--snapshot-location-config apiTimeout=10m \
--use-volume-snapshots \
--use-node-agent
(Note: replace the resource group and storage account with the specifics of your environment. You can also consult the official Velero docs to customise the deployment values: https://velero.io/docs/v1.1.0/azure-config/ or https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure)

Velero is now deployed. You can check the Velero deployment status using the following command.
$ kubectl get pods -n velero
To check the backup location:
$ velero backup-location get

Velero deployment was completed successfully. Next, we run backup and restoration tests.
I plan to install a WordPress application (it includes MariaDB and persistent volume claims (PVCs)) using a Helm chart for testing purposes.
To install the Helm chart on the cluster, first install the Helm tool on your local machine.
$ wget https://get.helm.sh/helm-v3.14.2-linux-amd64.tar.gz
$ tar xvf helm-v3.14.2-linux-amd64.tar.gz
$ cd linux-amd64
$ cp helm /usr/local/bin

Helm tool installation completed. Create a namespace to install the WordPress app.
$ kubectl create ns wordpress
Add the WordPress repo.
$ helm repo add bitnami https://charts.bitnami.com/bitnami
Install WordPress.
$ helm install backup-test bitnami/wordpress --namespace wordpress

Check the WordPress application status. (DB and WordPress)
$ kubectl get pods -n wordpress
Check PV and PVC
$ kubectl get pv
$ kubectl get pvc -n wordpress

Back up the WordPress application.
$ velero backup create backuptest --include-namespaces wordpress --storage-location default --wait
(Note: Replace bucket name and storage location according to your environment specifications)

To check the backup status and details.
$ velero backup describe backuptest
(Note: replace backuptest with your backup name.)

Backup files are created in the Blob container, which you may see on the Azure portal.

To test the restore, delete the WordPress application.
$ kubectl delete ns wordpress

Check to see whether WordPress pods and PVC volumes have been deleted.
$ kubectl get pods -n wordpress
$ kubectl get pv
$ kubectl get pvc -n wordpress


WordPress application deletion has been completed successfully. Next, we'll restore the WordPress application from the backup files.
$ velero restore create --from-backup backuptest
(Replace backuptest with your backup name.)

Check the restore status and details.
$ velero restore describe backuptest-20230302160511
(Replace the restore name with your own.)

Check whether the WordPress application was restored.
$ kubectl get pods -n wordpress
$ kubectl get pv
$ kubectl get pvc -n wordpress

To delete an existing backup:
$ velero backup delete BACKUP_NAME
(Replace BACKUP_NAME with your backup name.)

Backups can also be scheduled.
You can refer to the following doc to schedule the backups.
https://velero.io/docs/v1.9/backup-reference
You may also check out my previous post, How to Build Your Own Container Image.
