Kubernetes Backup & Disaster Recovery with Velero
In this tutorial, you'll learn about Kubernetes Backup & Disaster Recovery with Velero. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.
Velero is an open-source tool for backing up and restoring Kubernetes cluster resources and persistent volumes, enabling disaster recovery and migration across clusters.
What You'll Learn
This tutorial covers installing Velero, creating scheduled backups, restoring clusters after failure, migrating resources between clusters, and backing up to cloud object storage.
Why It Matters
Data loss in Kubernetes is catastrophic. etcd corruption, accidental namespace deletion, or ransomware attacks can destroy months of work. Regular backups with tested restore procedures are essential for production.
Real-World Use
Ticketmaster uses Velero for daily backups of their Kubernetes clusters, with tested restore procedures that recover production within 30 minutes. Red Hat OpenShift bundles Velero as the default backup solution.
Installing Velero
Prerequisites
Velero requires object storage to hold its backups. This example uses AWS S3.
# Create S3 bucket
aws s3 mb s3://kubernetes-velero-backups
# Create IAM user with S3 access
aws iam create-user --user-name velero
aws iam attach-user-policy --user-name velero \
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
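The managed policy AmazonS3FullAccess attached above grants the velero user every S3 action on every bucket in the account. As an added example (not part of the original tutorial), the script below generates a policy scoped to the backup bucket, modelled on the permissions listed in the velero-plugin-for-aws documentation; the policy name velero-backup-access and the APPLY switch are assumptions of this example.

```shell
# Added example: scoped IAM policy for the "velero" user created above.
# The policy name "velero-backup-access" is an assumption of this example.
BUCKET="${BUCKET:-kubernetes-velero-backups}"   # bucket name from this page

# Print a policy limited to the backup bucket plus EC2 snapshot calls.
velero_policy_json() {
  bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:DescribeVolumes", "ec2:DescribeSnapshots", "ec2:CreateTags",
                 "ec2:CreateVolume", "ec2:CreateSnapshot", "ec2:DeleteSnapshot"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                 "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::${bucket}"
    }
  ]
}
EOF
}

# Replace the broad managed policy with the scoped inline policy.
apply_policy() {
  velero_policy_json "$1" > velero-policy.json
  aws iam detach-user-policy --user-name velero \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
  aws iam put-user-policy --user-name velero \
    --policy-name velero-backup-access \
    --policy-document file://velero-policy.json
}

# Nothing touches AWS unless APPLY=1 is set explicitly.
if [ "${APPLY:-0}" = "1" ]; then apply_policy "$BUCKET"; fi
```

Check the action list against the documentation for the plugin version you install before applying it.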
Install Velero CLI
# Download Velero CLI
curl -LO https://github.com/vmware-tanzu/velero/releases/download/v1.13.0/velero-v1.13.0-linux-amd64.tar.gz
tar -xzf velero-v1.13.0-linux-amd64.tar.gz
sudo mv velero-v1.13.0-linux-amd64/velero /usr/local/bin/
Install Velero Server
velero install \
--provider aws \
--bucket kubernetes-velero-backups \
--backup-location-config region=us-east-1 \
--snapshot-location-config region=us-east-1 \
--plugins velero/velero-plugin-for-aws:v1.9.0 \
--secret-file ./credentials-velero
# Verify installation
velero version
# Check Velero pod
kubectl -n velero get pods
Creating Backups
On-Demand Backup
# Back up all resources in a namespace
velero backup create app-backup --include-namespaces production
# Back up specific resources
velero backup create config-backup --include-resources deployments,configmaps,secrets
# Back up with volume snapshots
velero backup create full-backup --include-namespaces production --snapshot-move-data
Scheduled Backups
# Create daily backup at 2 AM
velero schedule create daily-backup \
--schedule="0 2 * * *" \
--include-namespaces production \
--ttl 168h
# Create hourly backup with short retention
velero schedule create hourly-backup \
--schedule="0 * * * *" \
--include-namespaces production \
--ttl 24h
# List schedules
velero schedule get
# List backups
velero backup get
Restoring from Backup
# Restore entire backup
velero restore create --from-backup app-backup
# Restore specific items
velero restore create --from-backup app-backup \
--include-resources deployments \
--namespace-mappings production:production-restore
# Restore to a different cluster
velero restore create --from-backup migration-backup
Verify the restore.
# Check restore status
velero restore get
# Describe restore details
velero restore describe app-backup-20240621
Cluster Migration
Use Velero to migrate resources between clusters.
# On source cluster: back up everything
velero backup create cluster-migration
# On destination cluster: restore (the name must match the backup created above)
velero restore create --from-backup cluster-migration
Backup Verification
Regularly test backups by restoring to a non-production namespace.
# Test restore to a test namespace
velero restore create --from-backup app-backup \
--namespace-mappings production:test-restore
# Validate restored resources
kubectl -n test-restore get all
Practice Questions
What does Velero back up in a Kubernetes cluster? Cluster resources like deployments and configmaps as API objects, plus persistent volume data if using snapshots.
How do you schedule automated backups? Use velero schedule create with a cron expression for the schedule parameter.
What is the purpose of --snapshot-move-data? It moves volume snapshot data to object storage instead of relying on CSI snapshots.
How do you restore a backup to a different namespace? Use --namespace-mappings original:target in the restore command.
Why should you regularly test backups? To ensure backup data is valid and the restore process works before a real disaster occurs.