Skip to content
Products
Platform
Developer Tools
Portal

How to backup a cluster with Velero

This tutorial may be incomplete or outdated. Please refer to the Velero documentation for more complete and up-to-date instructions. When you encounter any issues using this tutorial, please open a support ticket. This tutorial guides you through the steps required to backup your whole Kubernetes Cluster with Velero backed by STACKIT Object Storage.

What is Velero?

Section titled “What is Velero?”

Velero is an open-source tool to safely backup, recover and migrate K8s clusters and volumes. It works both on premise and in the public cloud. Velero runs as a deployment in your cluster and comes with a CLI in which scheduled backups, restores, and more can be performed. It was designed to have certain advantages to classic etcd backups. Velero accesses the Kubernetes API discovery capabilities to collect the data to be backed up.

Therefore, Velero does not need itself to be updated to backup new APIs. Through the discovery approach Velero is able to backup clusters including aggregated API Servers which otherwise require a complete etcd backup.

Setup

Section titled “Setup”

S3 backend

Section titled “S3 backend”

In order to store the backup data, Velero requires a configured storage provider. For the purposes of this guide STACKIT Object Storage will be used, which is an S3 compatible blob storage implementation. Refer to the STACKIT Object Storage documentation to learn more about the setup.

To configure the STACKIT Object Storage as a Velero provider the only things required are an access key ID and an secret access key. To find out how to activate the object Storage and create new credentials see: Getting Started with Object Storage.

Once you have your credentials, save them in a file named velero-s3 in the following format:

[default]
aws_access_key_id=$ACCESS_KEY_ID
aws_secret_access_key=$SECRET_ACCESS_KEY

The last step is creating a new backup bucket for Velero. Keep in mind that the bucket name must be globally unique. To create a bucket visit to the STACKIT Cloud Portal, go to Storage > Object Storage and create a new bucket.

Velero CLI

Section titled “Velero CLI”

Velero uses CRDs to manage backups and restores which can be created manually with a YAML definition.

To make things easier for the user Velero provides a CLI that interacts with the Kubernetes CLI with a lot of utility functions.

Download from GitHub Releases or visit the official documentation for more installation instructions.

Velero server components

Section titled “Velero server components”

Server components can be installed with the CLI or Helm. This guide will only show the installation with the CLI. For installation via the Helm Chart see the official documentation.

Replace the plugin version with a current release.

Terminal window
velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:vX.X.X \
    --bucket $BUCKET_NAME \
    --backup-location-config region=eu01,s3ForcePathStyle=true,s3Url=https://object.storage.eu01.onstackit.cloud,checksumAlgorithm="" \
    --use-volume-snapshots=false \
    --secret-file./velero-s3

For more detailed instructions of the velero-plugin-for-aws take a look at the official repository.

Velero file system backup

Section titled “Velero file system backup”

A default Velero install doesn’t provide file system backup capabilities!

If you additionally want to back up the content of your PVCs, you need to enable Velero FSB using the instructions found in the official documentation.

Manual backup

Section titled “Manual backup”

Backup a full namespace:

Terminal window
velero backup create example-backup --include-namespaces $NAMESPACE


# or backup via Label Selector:
velero backup create nginx-backup --selector app=$SELECTOR

Delete the namespace to simulate a disaster:

Terminal window
kubectl delete namespace $NAMESPACE

Restore the namespace:

Terminal window
velero restore create --from-backup example-backup

Schedule backups

Section titled “Schedule backups”

Create a schedule that creates a backup every hour:

Terminal window
velero schedule create example-schedule --schedule="0 * * * *" --include-namespaces $NAMESPACE


# alternatively use this command:
velero schedule create example-hourly --schedule="@hourly" --selector app=$SELECTOR

Trigger it manually:

Terminal window
velero backup create --from-schedule example-schedule

Manage your backups

Section titled “Manage your backups”

List all backups

Section titled “List all backups”
Terminal window
velero backup get

Restore a specific backup

Section titled “Restore a specific backup”
Terminal window
velero restore $BACKUP_NAME