Velero: Backup and restore
4 min read | by Jordi Prats
Just in the same way we backup physical servers, we need to backup Kubernetes workloads to be able to restore it to its previous state: We'll need make sure we are going to be able to restore the objects of any namespace and it's data (PersistentVolumes)
First we'll have to install Velero and configuring one of the cloud providers it supports. But regardless of the provider we are using, we can schedule backups and restore from them in the same way:
Backup on-demand
Creating a backup of your Kubernetes resources within a set of namespaces is a straightforward process. Velero provides a Backup object to do so:
apiVersion: velero.io/v1
kind: Backup
metadata:
namespace: pet2cattle-backup
name: test-backup
spec:
includedNamespaces:
- velero-demo
ttl:
"4h"
- The includedNamespaces field specifies the list of namespaces that you want to backup. In the example above, only the
velero-demonamespace is backed up using this object. - The ttl field specifies the expiration time for the backup. By default, the backup will expire after 30 days.
Exclude objects
We might not want to include some of the objects a namespace contains. For example, if we are using External Secrets Operator, there's no point on backing up it's secrets since they are already stored somewhere else. We can exclude them as follows:
apiVersion: velero.io/v1
kind: Backup
metadata:
namespace: pet2cattle-ondemand-backup
name: test-backup
spec:
includedNamespaces:
- velero-demo
ttl:
"4h"
excludedResources:
- Secret
Schedule backups
Performing on-demand backups might be useful, but scheduling regular backups is critical to ensure that you have a recent backup in case of a disaster. Velero uses the Schedule object that contains a Backup template to schedule regular backups:
kind: Schedule
apiVersion: velero.io/v1
metadata:
name: schedule
namespace: pet2cattle-scheduled-backup
spec:
schedule: "0 */2 * * *"
template:
excludedResources:
- Secret
includedNamespaces:
- velero-demo
ttl:
"4h"
The schedule field specifies the cron schedule for the backup. In the example above, the backup is scheduled to run every two hours.
Restore from backup to the same namespace
In case you need to restore from a Velero backup you'll need to use the Restore object:
apiVersion: velero.io/v1
kind: Restore
metadata:
namespace: pet2cattle-restore-same-ns
name: test-restore
spec:
backupName: test-backup
includedNamespaces:
- velero-demo
The backupName field specifies the name of the backup that you want to restore from. By using the includedNamespaces field specifies the namespaces that you want to restore, in case the backup contains more than one namespace.
Restore from backup to a different namespace
If we want to restore the backup to a different namespace to be able to keep the data in the origin namespace as it is (for example for later analysis). We can do that using the Restore object:
apiVersion: velero.io/v1
kind: Restore
metadata:
namespace: pet2cattle-restore-other-ns
name: test-restore
spec:
backupName: test-backup
includedNamespaces:
- velero-demo
namespaceMapping:
velero-demo: restored-velero-demo
In the example above, we are restoring the velero-demo namespace from the test-backup Backup, but we are changing the namespace name to restored-velero-demo: All the objects in the backup that belonged to the velero-demo namespace will now belong to the restored-velero-demo namespace.
Delete backup
Backup's metadata is stored in S3 (if you are using AWS), so if you delete the Backup object, velero will eventually recreate the object. If we really want to delete it before it expires we'll need to use the DeleteBackupRequest object:
kind: DeleteBackupRequest
apiVersion: velero.io/v1
metadata:
name: deletebackuprequest
namespace: pet2cattle-backup
spec:
backupName: test-ondemand-backup
Posted on 08/05/2023