Skip to main content

Velero Open-Source Kubernetes Backups: Velero Helm Deployment, Backup and Restore a Kubernetes Namespace from an AWS S3 Bucket

1072 words·
Kubernetes K8s Velero Helm S3
Table of Contents
Kubernetes-Components - This article is part of a series.
Part 1: Rancher Kubernetes Management Platform: Cert Manager Helm Deployment, Rancher Helm Deployment with Rancher CA certificate, Export Root CA Certificate, Ingress Resource, Access Rancher with TLS Encryption
Part 2: This Article
Part 3: Kubernetes Deployment Components: Pods - Multi Container Pod Example, Container Networking Within a Pod; Replication Controller; Services - ClusterIP, NodePort & LoadBalancer Services, Services for Pods, Replication Controllers, External Resources & Deployments
Part 4: Kubernetes Resource Management: Define Resource Requests and Limits; Deploy Kubernetes Metrics Server, Verify Resource Usage with kubectl top
Part 5: Kubernetes Security: Immutable Deployment - Deploy Container with ReadOnly-Filesystem and Writable-Volume
Part 6: Kubernetes Security: Pod Security Admission (PSA) - Overview, Enforce Pod Security Standard at a Namespace; Example Nginx Pod SecurityContext for Restricted PSS
Part 7: Kubernetes Volumes: Nginx Pod and Deployment Examples with NFS Volume, Pod and Deployment Examples with EmptyDir Volume, Deployment Example with PersistentVolume, External Storage Provider with NFS
Part 8: Kubernetes Secrets: Opaque Secret Configuration, Pod Examples with Environment Variable Secrets and Volume Secrets; SSH Authentication Secret with Pod Example
Part 9: Kubernetes Horizontal Pod Autoscaling: Install Kubernetes Metrics Server, Example Deployment with Horizontal Pod Autoscaler (HPA)
Part 10: Kubernetes DNS: CoreDNS custom Hosts entry (K3s & K8s Version), Deployment with custom Hosts entry; Backup and Restore the CoreDNS ConfigMap; DNS Troubleshooting
Part 11: Kubernetes Liveness & Readiness Probes: TCP Readiness Probes (Single Pod and Multi Pod Dependency), TCP Liveness Probe
Part 12: Kubernetes Network Policies: Ingress and Egress Policy Examples
Part 13: Kubernetes Role Based Access Control (RBAC): RBAC Overview, Create Service Account, Example Role and RoleBinding
Part 14: Kubernetes Kubeconfig: Create example Kubeconfig with new (RBAC) Service Account and ClusterRole / ClusterRole Binding
Part 15: Kubernetes Container Storage Interface (CSI): NFS CSI Driver Example, Dynamically create PersistentVolumes using a CSI StorageClass and PVC
Part 16: Kubernetes Container Storage Interface (CSI): Ceph CSI Driver Example, Dynamically provision RBD Images in a Ceph Storage Pool
Part 17: Kubernetes Container Storage Interface (CSI): Longhorn Distributed Block Storage System - Deploy Longhorn via Helm Chart, Define Custom Storage Mountpoints; StorageClass & PVC Example
Part 18: Kubernetes Container Storage Interface (CSI): Samba - Deploy SMB CSI via Helm, Create example PVC and Pod
Part 19: Kubernetes Etcd Snapshot: Etcd Snapshot and Restore with Etcdctl, Verify Etcd Member Health; Etcdctl Commands
Part 20: Kubernetes Helm Charts: Create a Custom Helm Chart
Part 21: Kubernetes Kustomize: Kustomize Configuration Management Example
Part 22: Kubernetes ReplicaSets & DaemonSets: Overview, Example ReplicaSets and DaemonSets with and without NodeSelector & Node Labeling
Part 23: Kubernetes Jobs: Jobs Overview, Basic Non-parallel & Parallel Job Examples; CronJob & RBAC Example that Restarts a Deployment
Part 24: Kubernetes Commands: Cluster Nodes, Namespaces, LimitRange Resource Limits, Pods, Deployments, Replication Controllers, Services, HPA, Secrets, Cronjobs, Helm, Logs, K9s TUI

Here is my tutorial for a basic deployment of Velero with Helm, based on a K8s Kubernetes cluster with MetalLB that was deployed with Kubespray on Debian 12 servers.

Installation
#

Helm Repository
# 

# Add the Helm repository
helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-charts

# Update the repository index
helm repo update vmware-tanzu

# List the available packages from the repository
helm search repo vmware-tanzu

# Shell output:
NAME                    CHART VERSION   APP VERSION     DESCRIPTION
vmware-tanzu/velero     6.5.0           1.13.2          A Helm chart for velero

AWS IAM Credentials
#

Create a credentials file to store the IAM user access keys in:

# Create a file for the AWS IAM access keys
vi velero-credentials

[default]
aws_access_key_id=YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key=YOUR_AWS_SECRET_ACCESS_KEY

Deploy Velero with Helm
#

Adopt the path of the velero-credentials file, the name and the region of the AWS S3 bucket. The S3 bucket must already exist.

# Deploy Velero
helm install velero vmware-tanzu/velero \
--namespace velero \
--create-namespace \
--set-file credentials.secretContents.cloud=/home/debian/velero/velero-credentials \
--set configuration.backupStorageLocation[0].name=default \
--set configuration.backupStorageLocation[0].provider=aws \
--set configuration.backupStorageLocation[0].bucket=jkw-velero-backup \
--set configuration.backupStorageLocation[0].config.region=us-east-1 \
--set configuration.volumeSnapshotLocation[0].name=aws-default \
--set configuration.volumeSnapshotLocation[0].provider=aws \
--set configuration.volumeSnapshotLocation[0].config.region=us-east-1 \
--set initContainers[0].name=velero-plugin-for-aws \
--set initContainers[0].image=velero/velero-plugin-for-aws:v1.5.0 \
--set initContainers[0].volumeMounts[0].mountPath=/target \
--set initContainers[0].volumeMounts[0].name=plugins

# Shell output:
NAME: velero
LAST DEPLOYED: Sun Jun  2 15:53:04 2024
NAMESPACE: velero
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Check that the velero is up and running:

    kubectl get deployment/velero -n velero

Check that the secret has been created:

    kubectl get secret/velero -n velero

Once velero server is up and running you need the client before you can use it
1. wget https://github.com/vmware-tanzu/velero/releases/download/v1.13.2/velero-v1.13.2-darwin-amd64.tar.gz
2. tar -xvf velero-v1.13.2-darwin-amd64.tar.gz -C velero-client

More info on the official site: https://velero.io/docs

Verify the Deployment
# 

# Verify Helm releases in `velero` namespace
helm ls -n velero

# Shell output:
NAME    NAMESPACE       REVISION        UPDATED                                         STATUS          CHART           APP VERSION
velero  velero          1               2024-06-02 15:53:04.652105861 +0200 CEST        deployed        velero-6.5.0    1.13.2

# Verify Velero deployment: List deployment resources
kubectl get deployment velero -n velero

# Shell output:
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
velero   1/1     1            1           6m55s

# List all Velero deployment resources
kubectl get all -n velero

Verify the Backup Locations
# 

# Verify the BackupStorageLocation
kubectl get backupstoragelocations -n velero

# Shell output:
AME      PHASE       LAST VALIDATED   AGE     DEFAULT
default   Available   32s              7m38s   true

# Verify the VolumeSnapshotLocation
kubectl get volumesnapshotlocations -n velero

# Shell output:
NAME          AGE
aws-default   7m46s

Delete the Velero Helm Deployment
#

If necessary delete the Velero deployment with the following command:

# Delete the Velero Helm deployment
helm delete velero -n velero

Verify that the Velero resources are deleted:

# Verify the Velero Helm release does not exist
helm list -n velero

# List resources in the "velero" namespace
kubectl get all -n velero

Velero Client
#

Install the Client
#

Find the latest release:
https://github.com/vmware-tanzu/velero/tags

# Download the tar file
cd && wget https://github.com/vmware-tanzu/velero/releases/download/v1.13.2/velero-v1.13.2-linux-amd64.tar.gz

# Extract the downloaded tar.gz file 
tar -zxvf velero-v1.13.2-linux-amd64.tar.gz

# Move the Velero binary
sudo mv velero-v1.13.2-linux-amd64/velero /usr/local/bin/velero

# Verify the Installation
velero version

# Shell output:
Client:
        Version: v1.13.2
        Git commit: 4d961fb6fec384ed7f3c1b7c65c818106107f5a6
Server:
        Version: v1.13.2

Create a Velero Backup
#

Example Namespace
# 

# Create an example namespace
kubectl create namespace example-1

Example Deployment
# 

# Create some resources in the example namespace
vi example-1-deployment.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx-example-1
  namespace: example-1
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80

# Deploy the resource
kubectl apply -f example-1-deployment.yaml

Verify the Deployment
# 

# Verify the deployment / pods
kubectl get pods -n example-1

# Shell output:
NAME              READY   STATUS    RESTARTS   AGE
nginx-example-1   1/1     Running   0          20s

Create a Velero Backup
# 

# Create a backup: Of the namespace "example-1"
velero backup create backup-example-1 --include-namespaces example-1

# Shell output:
Backup request "backup-example-1" submitted successfully.
Run `velero backup describe backup-example-1` or `velero backup logs backup-example-1` for more details.

Verify the Backup
# 

# Verify the backup
velero backup describe backup-example-1 --details
Shell Output: 
# Shell output:
Name:         backup-example-1
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  velero.io/resource-timeout=10m0s
              velero.io/source-cluster-k8s-gitversion=v1.29.5
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=29

Phase:  Completed


Namespaces:
  Included:  example-1
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  <none>

Or label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto
Snapshot Move Data:          false
Data Mover:                  velero

TTL:  720h0m0s

CSISnapshotTimeout:    10m0s
ItemOperationTimeout:  4h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2024-06-02 16:13:38 +0200 CEST
Completed:  2024-06-02 16:13:42 +0200 CEST

Expiration:  2024-07-02 16:13:38 +0200 CEST

Total items to be backed up:  9
Items backed up:              9

Resource List:
  v1/ConfigMap:
    - example-1/kube-root-ca.crt
  v1/Event:
    - example-1/nginx-example-1.17d5350be3dea868
    - example-1/nginx-example-1.17d5350c028a7aef
    - example-1/nginx-example-1.17d5350dc0035f33
    - example-1/nginx-example-1.17d5350dc1daee6c
    - example-1/nginx-example-1.17d5350dc4069110
  v1/Namespace:
    - example-1
  v1/Pod:
    - example-1/nginx-example-1
  v1/ServiceAccount:
    - example-1/default

Backup Volumes:
  Velero-Native Snapshots: <none included>

  CSI Snapshots: <none included>

  Pod Volume Backups: <none included>

HooksAttempted:  0
HooksFailed:     0

# List the logs
velero backup logs backup-example-1

Restore a Velero Backup
#

Delete the Example Deployment
# 

# Delete the deployment
kubectl delete pod nginx-example-1 -n example-1

# Alternative, delete the whole namespace
kubectl delete namespace example-1

# List the resources in the "example-1" namespace
kubectl get all -n example-1

Restore the Backup
# 

# Restore the backup
velero restore create --from-backup backup-example-1

# Shell output:
Restore request "backup-example-1-20240602162347" submitted successfully.
Run `velero restore describe backup-example-1-20240602162347` or `velero restore logs backup-example-1-20240602162347` for more details.

List Restoration Details
# 

# List details from the backup restoration
velero restore describe backup-example-1-20240602162347
Shell Output: 
# Shell output:
Name:         backup-example-1-20240602162347
Namespace:    velero
Labels:       <none>
Annotations:  <none>

Phase:                       Completed
Total items to be restored:  4
Items restored:              4

Started:    2024-06-02 16:23:47 +0200 CEST
Completed:  2024-06-02 16:23:49 +0200 CEST

Warnings:
  Velero:     <none>
  Cluster:    <none>
  Namespaces:
    example-1:  could not restore, ConfigMap "kube-root-ca.crt" already exists. Warning: the in-cluster version is different than the backed-up version

Backup:  backup-example-1

Namespaces:
  Included:  all namespaces found in the backup
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        nodes, events, events.events.k8s.io, backups.velero.io, restores.velero.io, resticrepositories.velero.io, csinodes.storage.k8s.io, volumeattachments.storage.k8s.io, backuprepositories.velero.io
  Cluster-scoped:  auto

Namespace mappings:  <none>

Label selector:  <none>

Or label selector:  <none>

Restore PVs:  auto

Existing Resource Policy:   <none>
ItemOperationTimeout:       4h0m0s

Preserve Service NodePorts:  auto


HooksAttempted:   0
HooksFailed:      0

List Restores & Statuses
# 

# List all restores to see their statuses
velero restore get

# Shell output:
NAME                              BACKUP             STATUS      STARTED                          COMPLETED                        ERRORS   WARNINGS   CREATED                          SELECTOR
backup-example-1-20240602162347   backup-example-1   Completed   2024-06-02 16:23:47 +0200 CEST   2024-06-02 16:23:49 +0200 CEST   0        1          2024-06-02 16:23:47 +0200 CEST   <none>

Verify the Deployment Resources
# 

# List the resources in the "example-1" namespace
kubectl get all -n example-1

# Shell output:
NAME                  READY   STATUS    RESTARTS   AGE
pod/nginx-example-1   1/1     Running   0          5m22s

Links # 

# GitHub Velero
https://github.com/vmware-tanzu/helm-charts/blob/main/charts/velero/README.md

# Velero Client
https://github.com/vmware-tanzu/velero/tags
Kubernetes-Components - This article is part of a series.
Part 1: Rancher Kubernetes Management Platform: Cert Manager Helm Deployment, Rancher Helm Deployment with Rancher CA certificate, Export Root CA Certificate, Ingress Resource, Access Rancher with TLS Encryption
Part 2: This Article
Part 3: Kubernetes Deployment Components: Pods - Multi Container Pod Example, Container Networking Within a Pod; Replication Controller; Services - ClusterIP, NodePort & LoadBalancer Services, Services for Pods, Replication Controllers, External Resources & Deployments
Part 4: Kubernetes Resource Management: Define Resource Requests and Limits; Deploy Kubernetes Metrics Server, Verify Resource Usage with kubectl top
Part 5: Kubernetes Security: Immutable Deployment - Deploy Container with ReadOnly-Filesystem and Writable-Volume
Part 6: Kubernetes Security: Pod Security Admission (PSA) - Overview, Enforce Pod Security Standard at a Namespace; Example Nginx Pod SecurityContext for Restricted PSS
Part 7: Kubernetes Volumes: Nginx Pod and Deployment Examples with NFS Volume, Pod and Deployment Examples with EmptyDir Volume, Deployment Example with PersistentVolume, External Storage Provider with NFS
Part 8: Kubernetes Secrets: Opaque Secret Configuration, Pod Examples with Environment Variable Secrets and Volume Secrets; SSH Authentication Secret with Pod Example
Part 9: Kubernetes Horizontal Pod Autoscaling: Install Kubernetes Metrics Server, Example Deployment with Horizontal Pod Autoscaler (HPA)
Part 10: Kubernetes DNS: CoreDNS custom Hosts entry (K3s & K8s Version), Deployment with custom Hosts entry; Backup and Restore the CoreDNS ConfigMap; DNS Troubleshooting
Part 11: Kubernetes Liveness & Readiness Probes: TCP Readiness Probes (Single Pod and Multi Pod Dependency), TCP Liveness Probe
Part 12: Kubernetes Network Policies: Ingress and Egress Policy Examples
Part 13: Kubernetes Role Based Access Control (RBAC): RBAC Overview, Create Service Account, Example Role and RoleBinding
Part 14: Kubernetes Kubeconfig: Create example Kubeconfig with new (RBAC) Service Account and ClusterRole / ClusterRole Binding
Part 15: Kubernetes Container Storage Interface (CSI): NFS CSI Driver Example, Dynamically create PersistentVolumes using a CSI StorageClass and PVC
Part 16: Kubernetes Container Storage Interface (CSI): Ceph CSI Driver Example, Dynamically provision RBD Images in a Ceph Storage Pool
Part 17: Kubernetes Container Storage Interface (CSI): Longhorn Distributed Block Storage System - Deploy Longhorn via Helm Chart, Define Custom Storage Mountpoints; StorageClass & PVC Example
Part 18: Kubernetes Container Storage Interface (CSI): Samba - Deploy SMB CSI via Helm, Create example PVC and Pod
Part 19: Kubernetes Etcd Snapshot: Etcd Snapshot and Restore with Etcdctl, Verify Etcd Member Health; Etcdctl Commands
Part 20: Kubernetes Helm Charts: Create a Custom Helm Chart
Part 21: Kubernetes Kustomize: Kustomize Configuration Management Example
Part 22: Kubernetes ReplicaSets & DaemonSets: Overview, Example ReplicaSets and DaemonSets with and without NodeSelector & Node Labeling
Part 23: Kubernetes Jobs: Jobs Overview, Basic Non-parallel & Parallel Job Examples; CronJob & RBAC Example that Restarts a Deployment
Part 24: Kubernetes Commands: Cluster Nodes, Namespaces, LimitRange Resource Limits, Pods, Deployments, Replication Controllers, Services, HPA, Secrets, Cronjobs, Helm, Logs, K9s TUI