# Kubernetes Backup and Restore Using Velero

Kubernetes Backup, Restore, Migration

## Use case

* Disaster Recovery
* Data Migration
* Data Protection

## What Kubernetes Offers Natively

1. Etcd database Backup and Restore
2. Snapshots with Container Storage Interface (CSI)

## Kubernetes Data We Care About

* etcd database
* Kubernetes Persistent Volume

## Introduction to Velero

Other backup solutions:

* [k8up](https://k8up.io/k8up/1.0.0/index.html)
* [Kasten](https://www.kasten.io)
* [Stash](https://stash.run)

Links:

* [Velero Github](https://github.com/vmware-tanzu/velero)
* [Velero Website](https://velero.io/docs/v1.5/)
* [Kubernetes CSI](https://kubernetes-csi.github.io/docs/)
* [bigbang Velero](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/velero/-/tree/velero-1)

## Demo

```
export BUCKET=velero-bucket-bb
export REGION=<>

# Create the S3 bucket that holds the backups
aws s3api create-bucket \
    --bucket $BUCKET \
    --region $REGION \
    --create-bucket-configuration LocationConstraint=$REGION

# Create a dedicated IAM user for Velero
aws iam create-user --user-name velero-bb

# Policy: EBS snapshot actions plus S3 access scoped to the backup bucket.
# The heredoc is unquoted so ${BUCKET} is expanded into the ARNs.
cat > velero-policy.json <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws-us-gov:s3:::${BUCKET}/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws-us-gov:s3:::${BUCKET}"
            ]
        }
    ]
}
EOF

aws iam put-user-policy \
    --user-name velero-bb \
    --policy-name velero-bb \
    --policy-document file://velero-policy.json

# Do not do this while sharing your screen: the secret access key is printed
aws iam create-access-key --user-name velero-bb

# install velero in old cluster (blue cluster)
velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:v1.1.0 \
    --bucket $BUCKET \
    --backup-location-config region=$REGION \
    --snapshot-location-config region=$REGION \
    --secret-file ./credentials-velero

velero backup create gitlab --include-namespaces gitlab
velero get backup
# same backup command, waiting for completion with verbose logging
velero backup create gitlab --include-namespaces gitlab --wait --v 9
velero describe backups gitlab --details

# install velero in new cluster (green cluster)
velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:v1.1.0 \
    --bucket $BUCKET \
    --backup-location-config region=$REGION \
    --snapshot-location-config region=$REGION \
    --secret-file ./credentials-velero

# perform restore from the backup taken in blue cluster
velero create restore gitlab-from-blue --from-backup gitlab

# Install using restic and IAM role (no static access key)
velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:v1.1.0 \
    --bucket $BUCKET \
    --backup-location-config region=$REGION \
    --snapshot-location-config region=$REGION \
    --no-secret \
    --use-restic \
    --pod-annotations iam.amazonaws.com/role=<arn>:role/velero
```

Contents of `./credentials-velero`, the file passed to `--secret-file`:

```
[default]
aws_access_key_id=<>
aws_secret_access_key=<>
```

**Notes:**

Keep the following recommendations in mind while working with Velero:

* When creating a backup and a schedule, include `--snapshot-volumes`.
* For backing up the cluster-scoped resources, use `--include-cluster-resources`.
* When creating a restore, use `--restore-volumes`.
* During a restore, resources that already exist are not overwritten, so you can't restore into a Kubernetes cluster on which CloudBees CI is already installed. You must restore into an empty cluster.
* For Velero version 1.5, restores must be performed in the same availability zone and region in which the backup was created.
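
The demo prints the new access key to the terminal (hence the screen-sharing warning) and leaves the `credentials-velero` file to be written by hand. As an added example, not part of the original demo, this POSIX shell helper pipes the key straight into that file with owner-only permissions; the function names are hypothetical, and the `--query`/`--output text` usage shown in the comment assumes the standard AWS CLI output options.

```shell
# Added example (not from the original demo). Function names are hypothetical.
# Usage, with the IAM user from the demo:
#   aws iam create-access-key --user-name velero-bb \
#     --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text \
#     | write_velero_credentials ./credentials-velero

# Read one line "AccessKeyId<TAB>SecretAccessKey" on stdin and write an
# AWS-style credentials file readable only by its owner. Nothing is echoed.
write_velero_credentials() (
  dest="${1:-./credentials-velero}"
  tab=$(printf '\t')
  IFS="$tab" read -r key_id secret || true   # tolerate a missing final newline
  if [ -z "$key_id" ] || [ -z "$secret" ]; then
    echo "expected 'AccessKeyId<TAB>SecretAccessKey' on stdin" >&2
    exit 1
  fi
  umask 077                 # function body is a subshell: caller's umask is untouched
  tmp="$dest.tmp.$$"
  printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
    "$key_id" "$secret" > "$tmp" || exit 1
  mv -f "$tmp" "$dest"      # replaces any older file that had a wider mode
)

# Succeed only if the file exists and has no group/other permission bits set.
credentials_file_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```
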