@mddamato
Last active December 17, 2020 20:30
Velero_Notes

Velero notes azure

Install velero CLI

https://velero.io/docs/v1.5/basic-install/#install-the-cli

brew install velero

Configure velero server

Ensure your kubectl cli is working properly.

These notes come from reading https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure#setup

Log in to get az info

az login

Create resource group and storage account

Set variables

export AZURE_BACKUP_RESOURCE_GROUP="Velero_Backups"
export BLOB_CONTAINER=velero

Create account id with random characters

export AZURE_STORAGE_ACCOUNT_ID="velero$(uuidgen | cut -d '-' -f5 | tr '[A-Z]' '[a-z]')"

Create the az objects

az group create -n $AZURE_BACKUP_RESOURCE_GROUP --location EastUS

az storage account create \
--name $AZURE_STORAGE_ACCOUNT_ID \
--resource-group $AZURE_BACKUP_RESOURCE_GROUP \
--sku Standard_GRS \
--encryption-services blob \
--https-only true \
--kind BlobStorage \
--access-tier Hot

az storage container create -n $BLOB_CONTAINER --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID

Set your resource group ID. This needs to be the group with the VMs and disks. Usually this is the auto-generated one. Example:

export AZURE_RESOURCE_GROUP="MC_mdd-rfed-aks_c-fzzkm_eastus"

Create service principal for velero

Grab the subscription and tenant IDs from the az command, or look them up

export AZURE_SUBSCRIPTION_ID=$(az account list --query '[?isDefault].id' -o tsv)
export AZURE_TENANT_ID=$(az account list --query '[?isDefault].tenantId' -o tsv)

Create the service principal (Contributor role, scoped to the whole subscription) and grab the client ID

export AZURE_CLIENT_SECRET=$(az ad sp create-for-rbac --name "velero" --role "Contributor" --query "password" -o tsv --scopes /subscriptions/${AZURE_SUBSCRIPTION_ID})
export AZURE_CLIENT_ID=$(az ad sp list --display-name "velero" --query '[0].appId' -o tsv)

Create credential file using your previously set envs

cat << EOF  > ./credentials-velero
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
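
The heredoc above writes whatever the variables hold, so a failed az call leaves an empty AZURE_CLIENT_SECRET in the file, and the file gets the shell's default permissions. The following is an added example, not part of the original gist, that refuses to write empty values and creates the file owner-only; the function names write_velero_credentials and check_velero_credentials are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Function names are hypothetical.
# The six keys are the ones written by the gist's heredoc.
VELERO_CRED_KEYS="AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID
AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP AZURE_CLOUD_NAME"

# Write the credentials file from the current shell variables.
# Returns 1 and writes nothing if any key is empty, e.g. because
# "az ad sp create-for-rbac" failed and left AZURE_CLIENT_SECRET blank.
write_velero_credentials() {
  out="$1"
  : "${AZURE_CLOUD_NAME:=AzurePublicCloud}"   # same literal the gist uses
  for key in $VELERO_CRED_KEYS; do
    eval "val=\${$key:-}"                     # key comes from the fixed list above
    if [ -z "$val" ]; then
      echo "refusing to write $out: $key is empty" >&2
      return 1
    fi
  done
  (
    umask 077                                 # new file is created as 0600
    rm -f "$out"                              # drop any older, looser-mode copy
    for key in $VELERO_CRED_KEYS; do
      eval "val=\${$key}"
      printf '%s=%s\n' "$key" "$val" >> "$out" || exit 1
    done
  )
}

# Check an existing file before handing it to "velero install --secret-file":
# owner-only permissions and a non-empty value for every key.
check_velero_credentials() {
  file="$1"
  [ -f "$file" ] || { echo "$file: not found" >&2; return 1; }
  perms=$(ls -ld "$file" | cut -c1-10)
  if [ "$perms" != "-rw-------" ]; then
    echo "$file: permissions are $perms, expected -rw-------" >&2
    return 1
  fi
  for key in $VELERO_CRED_KEYS; do
    if ! grep -Eq "^${key}=.+" "$file"; then
      echo "$file: $key is missing or empty" >&2
      return 1
    fi
  done
}
```

Run write_velero_credentials ./credentials-velero in place of the heredoc, after the exports above, and check_velero_credentials ./credentials-velero before the install step.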

Install Velero server side

velero install \
--provider azure \
--plugins velero/velero-plugin-for-microsoft-azure:v1.1.0 \
--bucket $BLOB_CONTAINER \
--secret-file ./credentials-velero \
--backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID \
--snapshot-location-config apiTimeout=10m \
--velero-pod-cpu-limit 2000m \
--velero-pod-mem-limit 1024Mi

You need to increase the resource limits in the deployment, otherwise you might see strange errors. See vmware-tanzu/velero#1856

        resources:
          requests:
            cpu: "1"
            memory: 256Mi

Do velero examples

https://velero.io/docs/v1.5/examples/

Velero gives some examples here:

git clone https://github.com/vmware-tanzu/velero.git
cd velero
kubectl apply -f examples/nginx-app/with-pv.yaml

Uninstall

https://velero.io/docs/v1.5/uninstalling/

kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero