Velero
Velero (formerly Heptio Ark) gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes.
Object Storage
Velero can use several different storage providers, but in our case we're standardizing on S3 / S3-compatible APIs.
Velero needs an S3-compatible Object Storage bucket called havenplus-velero.
S3 Credentials Secret
Use the S3 credentials provided by the relevant IaaS provider to create a secret.yaml:
apiVersion: v1
kind: Secret
metadata:
  name: s3-credentials
type: Opaque
stringData:
  cloud: |
    [default]
    aws_access_key_id=<access-key-id>
    aws_secret_access_key=<secret-access-key>
Next, use kubeseal to generate a sealed-secret based on the secret above:
kubeseal -f secret.yaml -w sealed.yaml --controller-namespace sealed-secrets -n velero
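secret.yaml holds the S3 keys in plaintext, while sealed.yaml is the only file meant to be shared. The following guard is an added example, not part of the original page or of the Velero / Sealed Secrets projects; it assumes the manifests end up in a repository. The function name safe_to_commit is hypothetical, and both sample files are constructed (the ciphertext is a dummy value).

```shell
#!/bin/sh
# Returns 0 only for a SealedSecret with no plaintext credential material,
# 1 for anything that still looks like the plaintext secret.yaml, 2 if unreadable.
safe_to_commit() {
    file="$1"
    [ -r "$file" ] || return 2
    # A plain Secret manifest must never be shared.
    if grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$file"; then return 1; fi
    # Plaintext fields, or the credential keys from the "cloud" entry.
    if grep -Eq '^[[:space:]]*(stringData|data):' "$file"; then return 1; fi
    if grep -Eq 'aws_(access_key_id|secret_access_key)[[:space:]]*=' "$file"; then return 1; fi
    # Must be a SealedSecret that actually carries encryptedData.
    grep -Eq '^kind:[[:space:]]*SealedSecret[[:space:]]*$' "$file" &&
        grep -Eq '^[[:space:]]*encryptedData:' "$file"
}

demo_dir=$(mktemp -d)
# Constructed sample: the plaintext manifest from this page, placeholders intact.
cat > "$demo_dir/secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: s3-credentials
type: Opaque
stringData:
  cloud: |
    [default]
    aws_access_key_id=<access-key-id>
    aws_secret_access_key=<secret-access-key>
EOF
# Constructed sample: the shape of a kubeseal output file, dummy ciphertext.
cat > "$demo_dir/sealed.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: s3-credentials
  namespace: velero
spec:
  encryptedData:
    cloud: AgBconstructedCiphertextPlaceholder==
EOF
for f in "$demo_dir/secret.yaml" "$demo_dir/sealed.yaml"; do
    if safe_to_commit "$f"; then echo "OK     $f"; else echo "REJECT $f"; fi
done
```

Once sealed.yaml passes the check, delete secret.yaml or keep it outside the working tree.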
Velero on the local environment
The Velero controller automatically connects with a pre-created bucket in the local MinIO installation. A backup Schedule is deployed as well.
Validate the backup / restore process
Follow the basic example from the Velero docs to validate the backup / restore process. Be aware that the second example (CSI snapshot) does not work on the local Kind environment.
To verify the actual backup data, open a port-forward to the MinIO console:
kubectl -n minio-generic-tenant port-forward svc/minio-generic-tenant-console 9090:9090
Browse to http://localhost:9090 and log in with minio/minio123. You should see a velero bucket with data in it.