This documentation provides detailed steps for taking a backup and restoring Kubernetes resources, including persistent volume data, using Velero in an Amazon EKS cluster.
1. Overview
Velero is an open-source tool used for backup and restore, disaster recovery, and migration of Kubernetes resources and persistent volumes. In Amazon EKS, Velero is used to back up:
- Kubernetes Objects: Configurations, resources, etc.
- Persistent Volume Data: Application data stored in persistent volumes.
2. Prerequisites
Before starting the backup and restore process, ensure the following prerequisites are met:
- Amazon EKS Cluster: Ensure your cluster is up and running.
- kubectl: Installed and configured to communicate with your cluster.
- AWS S3 Bucket: An Amazon S3 bucket to store backups.
- AWS IAM User with S3 Access: Permissions to read/write to the S3 bucket.
- Velero CLI: Installed on your local system.
3. Install Velero CLI
Download and install a Velero CLI release that is compatible with your Amazon EKS cluster on your local system:
curl -LO https://github.com/vmware-tanzu/velero/releases/download/v1.15.1/velero-v1.15.1-linux-amd64.tar.gz
tar -xzf velero-v1.15.1-linux-amd64.tar.gz
sudo mv velero-v1.15.1-linux-amd64/velero /usr/local/bin/
4. Install Velero on Kubernetes Cluster
Create IAM User and Policy:
Create an IAM policy with permissions to access S3 and EC2 (for volume snapshots).
Attach the policy to a new IAM user and generate API access keys (access key ID and secret access key).
Create S3 Bucket:
Create a new Amazon S3 bucket to store backups.
Install Velero in the cluster:
velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:v1.5.2 \
    --bucket <your-velero-backup-bucket> \
    --backup-location-config region=<aws-region> \
    --secret-file ./credentials-velero \
    --use-volume-snapshots=true \
    --use-restic
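Replace <your-velero-backup-bucket> with your S3 bucket name and <aws-region> with your desired AWS region. The ./credentials-velero file holds the access key ID and secret access key of the IAM user created above.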
5. Configure AWS IAM Permissions
Ensure that the AWS IAM user used by Velero has the necessary permissions to interact with the S3 bucket and perform volume snapshots. Below is an example IAM policy for Velero:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<your-velero-backup-bucket>",
                "arn:aws:s3:::<your-velero-backup-bucket>/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVolumes",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot"
            ],
            "Resource": "*"
        }
    ]
}
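The EC2 statement in the policy above allows ec2:CreateSnapshot and ec2:DeleteSnapshot on "Resource": "*", so the Velero access key can delete any EBS snapshot in the account, not only the ones Velero created. The check below is an added example (not from the original post or the Velero project) that flags such grants before a policy is attached; audit_policy, as_list and the bucket name example-velero-backups are assumptions made for illustration.

```python
BUCKET = "example-velero-backups"  # constructed placeholder, not from the page
# Constructed copy of the policy above with the placeholder bucket filled in.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]},
    {"Effect": "Allow",
     "Action": ["ec2:DescribeVolumes", "ec2:CreateSnapshot", "ec2:DeleteSnapshot"],
     "Resource": "*"},
]}
READ_ONLY = ("describe", "get", "list")  # action-name prefixes treated as non-mutating


def as_list(value):
    """IAM accepts either a single value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_policy(policy, bucket):
    """Return (statement index, action, issue) for each over-broad Allow grant."""
    bucket_arns = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "*", "NotAction/NotResource grants by exclusion"))
            continue
        resources = set(as_list(stmt.get("Resource", [])))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.lower().partition(":")
            if "*" in action:
                findings.append((i, action, "wildcard action"))
            elif service == "s3" and not resources <= bucket_arns:
                findings.append((i, action, "S3 access beyond the backup bucket"))
            # A Condition is only checked for presence, not evaluated.
            elif ("*" in resources and not name.startswith(READ_ONLY)
                  and "Condition" not in stmt):
                findings.append((i, action, "mutating action on all resources"))
    return findings


if __name__ == "__main__":
    for index, action, issue in audit_policy(PAGE_POLICY, BUCKET):
        print(f"Statement[{index}] {action}: {issue}")
```

Run against the page's policy, the check reports the two snapshot actions in the second statement and nothing for the bucket-scoped S3 statement.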
6. Create Backup
To create a backup of your Kubernetes cluster (including all objects and persistent volumes):
velero backup create brand-name-cluster-backup --include-cluster-resources=true --include-namespaces '*' --ttl 72h
7. Check Backup Status
To check the status of your backup:
velero backup get
This will display a list of all backups and their status.
To test the restore, you can first remove some of the backed-up resources from the cluster.
8. Restore Backup
To restore the backup from S3:
velero restore create --from-backup <backup-name>
Where <backup-name> is the name of the backup you created earlier (e.g., cluster-backup).
9. Automate Backups with CronJobs
You can set up automated backups using Kubernetes CronJobs. Below is an example of a CronJob configuration that runs daily backups at midnight UTC:
apiVersion: batch/v1
kind: CronJob
metadata:
  name: velero-backup
  namespace: velero
spec:
  schedule: "0 0 * * *"  # Runs daily at midnight UTC
  jobTemplate:
    spec:
      template:
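        spec:
          serviceAccountName: velero  # service account created by velero install
          containers:
          - name: velero
            image: velero/velero:v1.15.1  # pinned to the CLI version installed above instead of :latest
            command: ["/bin/sh", "-c"]
            args:
              # The date suffix keeps each backup name unique; Velero rejects a name that already exists
              - velero backup create daily-cluster-backup-$(date +%Y%m%d) --include-namespaces '*' --ttl 72h;
          restartPolicy: OnFailure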
To apply this CronJob: kubectl apply -f velero-backup-cronjob.yaml
Conclusion
You have now successfully set up Velero to take backups of your Kubernetes cluster, including both configurations and persistent volumes. You can restore backups as needed or automate backups with CronJobs.
 
 
              
 
    