Velero 是一個開源的 Kubernetes 集群備份和遷移工具，本篇簡報為 https://kaichu.io/posts/velero-research-practice/ 文章的一個總結，介紹了 Velero 的原理/安裝/基本使用及實踐 demo 的過程

1. Velero Search &
Practice

2. Overview
Velero 1.6
● Introduction
● Install
● Use
● Practice
● QA

3. Introduction

4. Introduction
Velero is an open source tool to safely backup and restore,
perform disaster recovery, and migrate Kubernetes cluster
resources and persistent volumes
Aiming to help with:
● Disaster Recovery: Recover from an issue
● Data Migration: Migrate apps between clusters
● Data Protection: Scheduled Actions

5. Etcd backup vs. Velero bacup
● Etcd's backup/restore tooling is
good for recovering from data
loss in a single etcd cluster
● you don't have access to etcd
(e.g. you're running on GKE)
● backing up both Kubernetes
resources and persistent
volume state
● cluster migrations
● backing up a subset of your
Kubernetes resources
● backing up Kubernetes
resources that are stored
across multiple etcd clusters
(for example if you run a
custom apiserver)

6. Velero CRD
● backups.velero.io
● backupstoragelocations.velero.io
● deletebackuprequests.velero.io
● downloadrequests.velero.io
● podvolumebackups.velero.io
● podvolumerestores.velero.io
● resticrepositories.velero.io
● restores.velero.io
● schedules.velero.io
● serverstatusrequests.velero.io
● volumesnapshotlocations.velero.io

7. Backup workflow
● On-demand
● Scheduled

8. Backup Storage Locations and
Volume Snapshot Locations
● BackupStorageLocation (Velero backups)
○ Bucket (Object Store)
○ K8s resources
○ One or more
● VolumeSnapshotLocation (associated persistent)
○ defined entirely by provider-specific fields (AWS region, Azure
resource group, Portworx snapshot type, etc.
○ One or more

9. Backup Storage Locations and
Volume Snapshot Locations Conts.
● Single Velero backup snapshots
○ Multiple Persistent Volume (both EBS volumes and Portworx
volumes)
● Multiple Velero backups to different Buckets
○ eastern USA region
○ western USA region
○ or to a different storage provider
● volume providers that support (Portworx)
○ you can have some snapshots stored locally on the cluster and have
others stored in the cloud

10. Backup Storage Locations and
Volume Snapshot Locations Conts.
● It is not possible (yet) to send a single Velero backup to
multiple backup storage locations simultaneously
● Cross-provider snapshots are not supported
● Other Limitations / Caveats

11. Install

12. Install
● Client (CLI)
● Server
○ Plugins
○ Enable restic integration --use-restic
○ Default Pod Volume backup to restic
--default-volumes-to-restic
○ Customize resource requests and limits
○ Configure more than one storage location for backups or volume
snapshots
○ Install an additional volume snapshot provider

13. Providers
● Velero supported providers
● Community supported providers
● S3-Compatible object store providers
● Non-supported volume snapshots

14. Providers - Velero supported providers

15. Providers - Community supported providers

16. Providers - S3-Compatible object store
providers
● IBM Cloud
● Oracle Cloud
● Minio
● DigitalOcean
● NooBaa
● Tencent Cloud
● Ceph RADOS v12.2.7
● Quobyte
● Cloudian HyperStore

17. Providers - Non-supported volume snapshots
In the case you want to take volume snapshots but didn’t find a plugin for your
provider, Velero has support for snapshotting using restic. Please see the restic
integration documentation.

18. Set up server
velero install
--provider aws
--plugins velero/velero-plugin-for-aws:v1.0.0
--bucket velero
--secret-file ./credentials-velero-minio
--use-volume-snapshots=true
--backup-location-config region=default,s3ForcePathStyle="true",s3Url=http://minio.infra.svc.cluster.local:9000
--snapshot-location-config region="default"
--use-restic
--wait
velero install
--provider gcp
--plugins velero/velero-plugin-for-gcp:v1.2.0
--bucket velero
--secret-file ./credentials-velero-minio
--use-volume-snapshots=true
--backup-location-config region=default,s3ForcePathStyle="true",s3Url=http://minio.infra.svc.cluster.local:9000
--snapshot-location-config region="default"
--use-restic
--wait

19. Set up server - helm
helm install velero vmware-tanzu/velero
--namespace velero
--create-namespace
-f velero-values.yaml
configuration:
provider: aws
backupStorageLocation:
bucket: velero
config:
region: default
s3ForcePathStyle: true
publicUrl: http://172.18.0.155:9000
s3Url: http://minio.minio.svc.cluster.local:9000
volumeSnapshotLocation:
config:
region: default
credentials:
useSecret: true
secretContents:
cloud: |
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
….
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.1.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins

20. Use

21. Disaster recovery
The default backup retention period, expressed as TTL (time to live), is
30 days (720 hours). --ttl <DURATION> flag to change this as
necessary
velero schedule create <SCHEDULE NAME> --schedule "0 7 * * *"

22. Resource filtering (Support
Backup and Restore)
● Includes
○ –include-namespaces
○ –include-resources
○ –include-cluster-resources
○ –selector
● Excludes
○ –exclude-namespaces
○ –exclude-resources
○ velero.io/exclude-from-backup=true

23. Backup Hooks (Pre/Post)
● pre(post).hook.backup.velero.io/container
○ The container where the command should be executed. Defaults to the first container in the pod.
Optional.
● pre(post).hook.backup.velero.io/command
○ The command to execute. If you need multiple arguments, specify the command as a JSON array, such as
["/usr/bin/uname", "-a"]
● pre(post).hook.backup.velero.io/on-error
○ What to do if the command returns a non-zero exit code. Defaults to Fail. Valid values are Fail and
Continue. Optional.
● pre(post).hook.backup.velero.io/timeout
○ How long to wait for the command to execute. The hook is considered in error if the command exceeds
the timeout. Defaults to 30s. Optional.

24. Velero backup create
# Create a backup containing all resources.
velero backup create backup1
# Create a backup including only the nginx namespace.
velero backup create nginx-backup --include-namespaces nginx
# Create a backup excluding the velero and default namespaces.
velero backup create backup2 --exclude-namespaces velero,default
# Create a backup based on a schedule named daily-backup.
velero backup create --from-schedule daily-backup
# View the YAML for a backup that doesn't snapshot volumes, without sending it to the server.
velero backup create backup3 --snapshot-volumes=false -o yaml
# Wait for a backup to complete before returning from the command.
velero backup create backup4 --wait

25. Restore Hooks
● InitContainer Restore Hooks
○ init.hook.restore.velero.io/container-image
○ init.hook.restore.velero.io/container-name
○ init.hook.restore.velero.io/command
● Exec Restore Hooks
○ post.hook.restore.velero.io/container
○ post.hook.restore.velero.io/command
○ post.hook.restore.velero.io/on-error
○ post.hook.restore.velero.io/exec-timeout
○ post.hook.restore.velero.io/wait-timeout

26. Practice

27. Backup from KIND and Restore to KIND

28. Backup from GKE and Restore to GKE

29. Migrate KIND to GKE

30. Q&A