Ensuring the security and recovery of applications and data is important in the Kubernetes world. A powerful tool that can help achieve this is Velero, a versatile backup and recovery solution designed specifically for Kubernetes clusters. In this guide, we'll cover the process of securing your Kubernetes Cluster with Velero, providing you with peace of mind and protection against unforeseen events.
Understanding Velero
Velero, formerly known as Heptio Ark, is an open-source tool that simplifies backup, recovery, and migration for Kubernetes cluster resources and regular containers. It allows users to create scheduled or temporary backups of their resources and applications, ensuring data integrity and recovery in the event of failure, damage, or improper deletion.
All Velero operations (on-demand backup, scheduled backup, restore) are private, defined using the Kubernetes Custom Resource Definition (CRD), and stored elsewhere. Velero also includes a controller that manages dedicated resources to perform backup, restore, and all related tasks.
Velero is ideal for implementing disaster recovery and taking snapshots of the application state before performing cluster operations such as upgrades.
Why Backup Your Kubernetes Cluster?
It is important to implement a backup strategy to reduce the risks associated with data loss or corruption. Regularly backing up your Kubernetes application stack with Velero gives you the following benefits:
Improved Testability: Regularly scheduled backups with Velero allow you to create isolated environments for testing purposes. You can restore a specific point-in-time backup of your Application stack to test new features, configurations, or disaster recovery procedures without impacting your production environment.
Reduced Downtime: In the event of an accidental deletion, configuration drift, or even a security breach, restoring from a recent Velero backup can significantly reduce downtime compared to rebuilding your K8s Application stack from scratch. This translates to faster recovery times and minimized disruptions for your users.
Granular Backups and Restores: Velero offers flexibility when it comes to backups. You can choose to back up the entire Application stack or specific components like the Devtron CRDs (Custom Resource Definitions) or specific namespaces and their configuration data. This allows for granular restores, where you can recover only the affected part of the stack instead of the entire system.
Compliance and Auditability: For organizations with strict compliance requirements, Velero backups provide a verifiable audit trail. You can track backup versions, timestamps, and success/failure logs, demonstrating adherence to data retention policies and regulations.
Disaster Recovery Across Environments: Velero supports backups to various cloud providers and on-premises storage solutions. This enables you to restore your K8s Cluster to a completely different environment in case of a disaster that renders your primary cluster unusable. This provides an additional layer of protection and ensures business continuity.
Workflow of Cluster Backup using Velero
Velero is installed on the cluster with the given configuration. When backing up, Velero creates .tar files of the backup and pushes them to the storage provider. When restoring, Velero looks for the .tar files on the given storage provider, pulls them into the target cluster, and applies them to the cluster, as shown in [Fig 1].
Prerequisites for Cluster Backup Using Velero
Let's take the example of a cluster where Devtron is running. We would like to take a backup of the cluster and restore it in case of a disaster. For this demo, we will store the backup in AWS S3 and then restore it in the target cluster from the backup pushed to S3.
Before getting our hands dirty, we need to install the CLI.
Installation
Linux:
Download the Velero CLI from the official Velero GitHub page, https://github.com/vmware-tanzu/velero, onto the machine from which you access the Kubernetes cluster.
After downloading, extract the tar file and move the velero binary into a directory on your PATH.
sudo mv /Users/demo-user/velero-v1.14.0-linux-amd64/velero /usr/local/bin
For macOS:
You can use Homebrew: brew install velero
Configure Velero for Cluster Backup & Restore
Let's configure the Velero CLI. We will use it to take the backup of the Kubernetes cluster, and the same CLI will be used to restore the backup in the target cluster.
Step-1: Create a directory named velero and navigate into it with the commands below
mkdir velero
cd ./velero
Create a file named velero-creds (the same name that is passed to --secret-file in Step-2) and add the following
[default]
aws_access_key_id = <s3_storage_access_key_id>
aws_secret_access_key = <s3_storage_secret_access>
Step-2: Install Velero on the cluster with the following configuration
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.10.0 \
--bucket k8s-backup \
--backup-location-config region=ap-southeast-1 \
--snapshot-location-config region=ap-southeast-1 \
--secret-file ./velero-creds
You can check the installation by running the following command.
kubectl get all -n velero
Velero has now been installed on the cluster and configured.
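The velero-creds file from Step-1 holds long-lived S3 access keys in plain text, so it is worth creating it with owner-only permissions and checking it before it is passed to --secret-file. The following is an added example, not part of the original guide; the function names write_creds and check_creds are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): create and lint the credentials
# file that is passed to `velero install --secret-file ./velero-creds`.

# write_creds FILE KEY_ID SECRET
# Writes the [default] profile with owner-only (0600) permissions.
write_creds() {
  ( umask 077   # a newly created file gets mode 0600
    printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
      "$2" "$3" > "$1" ) && chmod 600 "$1"   # also tighten a pre-existing file
}

# check_creds FILE
# Prints each problem on stderr and returns the number of problems (0 = OK).
check_creds() {
  local file="$1" problems=0 key
  if [ ! -f "$file" ]; then echo "$file: missing" >&2; return 1; fi
  # Characters 5-10 of the mode string are the group/other bits; all must be unset.
  case "$(ls -ld -- "$file")" in
    ????------*) ;;
    *) echo "$file: accessible by group or others, run chmod 600" >&2
       problems=$((problems + 1)) ;;
  esac
  grep -q '^\[default\]' "$file" || {
    echo "$file: no [default] profile" >&2; problems=$((problems + 1)); }
  for key in aws_access_key_id aws_secret_access_key; do
    # The value must be non-empty and must not be an unfilled <placeholder>.
    grep -Eq "^$key *= *[^<[:space:]]+" "$file" || {
      echo "$file: $key is missing or still a placeholder" >&2
      problems=$((problems + 1)); }
  done
  return "$problems"
}

# Usage: check_creds ./velero-creds && velero install ... --secret-file ./velero-creds
```

Keep the file out of version control; after velero install the keys are stored in a Kubernetes Secret in the velero namespace, so the local copy can be deleted.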
Cluster Backup & Restore
With the Velero CLI configured, let's take a backup of the cluster and restore it in the target cluster.
Backup
Now that Velero is configured, we need to run a command to take the backup of our Kubernetes cluster.
Run the following command:
velero backup create k8s-backup
This command will create a backup of the Kubernetes cluster and store it in the configured storage location under the given name, i.e. k8s-backup.
You can also take backups of specific namespaces using the following command
velero backup create <backup-name> --include-namespaces <namespace>
Once the backup is completed, you can see the tar files of your backup in your S3 bucket. Check the backup by running the following command
velero backup describe <backup-name>
Restore
The backup is now ready and can be restored by going through the same process of installing Velero on the target cluster and running the following command.
Note: If you restore the backup on the same cluster where Velero is configured, there is no need to configure it again.
velero restore create --from-backup devtroncd
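A restore is only as good as the backup behind it, so it helps to confirm that the backup actually finished before restoring from it. The following added example (not part of the original guide) reads the phase of the Backup custom resource and refuses to restore unless it is Completed; the function names and the VELERO_NS variable are hypothetical, and the namespace is assumed to be velero as in the installation above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
VELERO_NS="${VELERO_NS:-velero}"   # namespace used by `velero install` above

# backup_phase NAME: print .status.phase of the Backup custom resource
# (empty output if the backup does not exist or has no status yet).
backup_phase() {
  kubectl -n "$VELERO_NS" get backups.velero.io "$1" \
    -o jsonpath='{.status.phase}' 2>/dev/null
}

# wait_for_backup NAME [TRIES] [DELAY_SECONDS]
# Polls the phase; returns 0 only when the backup reaches Completed.
wait_for_backup() {
  local name="$1" tries="${2:-60}" delay="${3:-10}" phase="" i=0
  while [ "$i" -lt "$tries" ]; do
    phase="$(backup_phase "$name")" || true
    case "$phase" in
      Completed) return 0 ;;
      PartiallyFailed|Failed|FailedValidation)
        echo "backup $name ended in phase $phase" >&2; return 1 ;;
      "") echo "backup $name not found in namespace $VELERO_NS" >&2; return 2 ;;
    esac
    i=$((i + 1))
    sleep "$delay"   # still in a transient phase such as InProgress
  done
  echo "backup $name still in phase $phase after $tries checks" >&2
  return 3
}

# safe_restore NAME [TRIES] [DELAY_SECONDS]
# Runs the restore command only if the backup is Completed.
safe_restore() {
  wait_for_backup "$@" || return
  velero restore create --from-backup "$1"
}

# Usage: safe_restore k8s-backup
```

A non-zero exit from safe_restore means no restore was started; velero backup describe <backup-name> shows the details behind a failed phase.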
There is an option to include the PVCs with the backup using the --csi-snapshot-timeout flag
velero backup create nginx-backup --include-namespaces nginx-example --csi-snapshot-timeout 20m
In this way, you can recover the K8s cluster using Velero. For more operations, you can go to the documentation or use the command: velero --help
If you have any questions, feel free to join our vibrant Discord Community and share them there.