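# Name of the GCS bucket that will hold the Velero backups.
# The assignment has to be a statement of its own: written as a prefix on the
# gsutil line, "$BUCKET" is expanded before the assignment applies and the
# variable is not kept for the later commands that reference it.
BUCKET=my-dev-k8s
gsutil mb "gs://${BUCKET}/"

# View your current config settings:
gcloud config list
PROJECT_ID=$(gcloud config get-value project)

# Create a service account:
gcloud iam service-accounts create velero \
  --display-name "Velero service account"

# Look up the account's email by display name. Display names are not unique,
# so the filter can return several accounts (or none); the IAM bindings that
# follow must only ever be applied to the one intended identity.
SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
  --filter="displayName:Velero service account" \
  --format 'value(email)')

# Warn instead of silently continuing with an empty or multi-valued result.
case "$SERVICE_ACCOUNT_EMAIL" in
  '' | *[[:space:]]*)
    printf 'warning: expected exactly one service account email, got: %s\n' \
      "${SERVICE_ACCOUNT_EMAIL:-<none>}" >&2
    ;;
esac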
# Attach policies to give Velero the necessary permissions to function:
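# Permissions for the custom "velero.server" role. The list is limited to disk
# and snapshot operations plus zone lookup, so the service account gets a
# narrow custom role rather than a broad predefined one.
ROLE_PERMISSIONS=(
  compute.disks.get
  compute.disks.create
  compute.disks.createSnapshot
  compute.snapshots.get
  compute.snapshots.create
  compute.snapshots.useReadOnly
  compute.snapshots.delete
  compute.zones.get
)

# Join the array with commas; IFS is changed only inside the command
# substitution, so the surrounding shell keeps its own IFS.
ROLE_PERMISSIONS_CSV=$(IFS=,; printf '%s' "${ROLE_PERMISSIONS[*]}")

# Create the custom role in the current project.
# Expansions are quoted so that an empty or whitespace-containing value cannot
# shift the following flags into the wrong argument position.
gcloud iam roles create velero.server \
  --project "$PROJECT_ID" \
  --title "Velero Server" \
  --permissions "$ROLE_PERMISSIONS_CSV"

# Bind the custom role to the Velero service account at project level.
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member "serviceAccount:${SERVICE_ACCOUNT_EMAIL}" \
  --role "projects/${PROJECT_ID}/roles/velero.server"

# Grant objectAdmin on the backup bucket only; the binding is made on the
# bucket, not on the project.
gsutil iam ch "serviceAccount:${SERVICE_ACCOUNT_EMAIL}:objectAdmin" "gs://${BUCKET}"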
# Create a service account key, specifying an output file (credentials-velero) in your local directory:
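# credentials-velero is a long-lived key for the Velero service account:
# anyone who can read the file can act as that account. The restrictive umask
# in the subshell keeps the new file private to the current user whatever the
# caller's umask is. Keep the file out of version control and remove the local
# copy once the install below has succeeded. A keyless option such as GKE
# Workload Identity, if your plugin version supports it, avoids the file
# altogether.
(
  umask 077
  gcloud iam service-accounts keys create credentials-velero \
    --iam-account "$SERVICE_ACCOUNT_EMAIL"
)

# install velero
# --secret-file hands the key to the Velero installation in the cluster.
# The plugin image is referenced by tag; tags are mutable, so pin by digest
# where reproducible deployments matter.
velero install \
  --provider gcp \
  --plugins velero/velero-plugin-for-gcp:v1.2.0 \
  --bucket "$BUCKET" \
  --secret-file ./credentials-velero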
# Read the Velero deployment's logs to confirm the server started cleanly.
kubectl --namespace velero logs deployment/velero

# Show the configured backup storage location.
velero backup-location get

# Create the "backup-dev" schedule: cron expression "0 22 * * *" (22:00 every
# day), with each backup expiring after 72 hours.
velero schedule create backup-dev --ttl 72h0m0s --schedule "0 22 * * *"
# See: https://github.com/vitobotta/velero-backup-notification/blob/master/README.md
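# Restore from a backup produced by a schedule. Such backups are named
# <SCHEDULE NAME>-<TIMESTAMP>; replace the placeholder with a real backup name
# (list them with `velero backup get`). The placeholder is quoted because bare
# "<" and ">" are parsed by the shell as redirections and make the line a
# syntax error.
velero restore create --from-backup "<SCHEDULE NAME>-<TIMESTAMP>"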