Lab Adv 01: Velero - Cluster Backup and Restore

Lab Objectives

Install Velero on a Kubernetes cluster.
Configure Velero to back up and restore Kubernetes resources.
Test backup and restore of a pod using a pre-backup hook.
Verify backup contents in an Outscale S3 bucket.

Prerequisites

A running Kubernetes cluster provided by OKS.
Access to the kubectl CLI.
Administrator privileges on the cluster.
Required tools:
- aws-cli: Command-line tool to interact with AWS S3.
  You can install it by following the instructions
  here.
- s3cmd: Another tool to interact with S3, especially for managing files in buckets. Installation is described
  here.
Access to an Outscale account:
- You will need an Outscale account to create and interact with a bucket.
Configure AWS CLI:
- Once AWS CLI is installed, configure authentication by running:

aws configure

You will be prompted for your AWS credentials (Access Key and Secret Key), region (for example eu-west-2), and preferred output format (default json).

Create an S3 bucket in Outscale:
- You must have an S3 bucket to store your Velero backups. Follow the steps below to create and configure this bucket in Outscale.

Retrieve the kubeconfig file

oks-cli cluster kubeconfig --cluster-name my-cluster --project-name my-project > kubeconfig.yaml
export KUBECONFIG=./kubeconfig.yaml

Test the cluster

kubectl get nodes

Create the Bucket

Create a bucket named velero-bucket-oks:

aws s3api create-bucket --bucket velero-bucket-oks --endpoint https://oos.eu-west-2.outscale.com

Verify the Bucket

Verify that the bucket was created successfully:

aws s3api list-buckets --endpoint https://oos.eu-west-2.outscale.com

Create the Bucket Policy

Create a file bucket-policy.json with the following content:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::velero-bucket-oks",
                "arn:aws:s3:::velero-bucket-oks/*"
            ]
        }
    ]
}

Attach the Policy

Apply the policy to the bucket:

aws s3api put-bucket-policy --bucket velero-bucket-oks --policy file://bucket-policy.json --endpoint https://oos.eu-west-2.outscale.com

Verify the Policy

Verify that the policy has been applied:

aws s3api get-bucket-policy --bucket velero-bucket-oks --endpoint https://oos.eu-west-2.outscale.com

Install Velero

Install Velero using Helm:

helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-charts
helm install velero vmware-tanzu/velero \
  --namespace velero \
  --create-namespace \
  --set-file credentials.secretContents.cloud=$(echo ~/.aws/credentials) \
  --set configuration.backupStorageLocation[0].name=default \
  --set configuration.backupStorageLocation[0].provider=aws \
  --set configuration.backupStorageLocation[0].bucket=velero-bucket-oks \
  --set configuration.backupStorageLocation[0].config.region=eu-west-2 \
  --set configuration.backupStorageLocation[0].config.s3Url=https://oos.eu-west-2.outscale.com \
  --set configuration.volumeSnapshotLocation[0].name=default \
  --set configuration.volumeSnapshotLocation[0].provider=aws \
  --set configuration.volumeSnapshotLocation[0].config.region=eu-west-2 \
  --set initContainers[0].name=velero-plugin-for-aws \
  --set initContainers[0].image=velero/velero-plugin-for-aws:v1.7.0 \
  --set initContainers[0].volumeMounts[0].mountPath=/target \
  --set initContainers[0].volumeMounts[0].name=plugins

Create a Pod with a Hook

Example configuration of a pod with a pre-backup hook:

---
apiVersion: v1
kind: Pod
metadata:
  name: my-app
  annotations:
    pre.hook.backup.velero.io/command: '["/bin/sh", "-c", "echo Running_pre-backup_hook"]'
spec:
  containers:
    - name: my-app-container
      image: nginx

Apply the configuration:

kubectl apply -f my-app-with-hook.yaml

Create a Backup with Hook

Create a backup including the default namespace:

velero backup create my-backup-with-hook --include-namespaces default --wait

Verify Backup Status

Check whether the backup was successfully created:

velero backup get

Check Pod Logs

View the logs to ensure the hook was executed:

velero backup logs my-backup-with-hook

You should see the message Running pre-backup hook in the logs.

Verify Backup Contents in the Outscale Bucket

List objects in the Outscale bucket using s3cmd:

s3cmd ls s3://velero-bucket-oks

Or using AWS CLI:

aws s3 ls s3://velero-bucket-oks --recursive

Delete all resources in the default namespace:

kubectl delete all --all -n default

Restore the backup:

velero restore create --from-backup my-backup-with-hook --wait

Verify that resources have been restored:

kubectl get all -n default

Conclusion

In this lab, you learned how to install Velero, configure a backup with a pre-backup hook, and verify backup contents in an Outscale S3 bucket. You also tested restoring resources from a backup. You are now ready to use Velero to manage backup and restore operations for your Kubernetes clusters.