@rcompos
Last active June 3, 2020 19:08
Velero on GCP

Velero on GCP GKE Cluster

Install the Velero backup solution for Kubernetes on Google Kubernetes Engine (GKE) in GCP, then perform a backup and restore that includes a persistent volume.

Requirements

Server

  • GCP GKE Kubernetes cluster 1.7 or later

Client

  • macOS (preferred); Linux or Windows will also work
  • kubectl installed
  • gcloud installed

Install

GCP GCS Bucket

Velero requires an object storage bucket in which to store backups, preferably unique to a single Kubernetes cluster.

  1. Create a GCS bucket, replacing the <YOUR_BUCKET> placeholder with the name of your bucket:

    BUCKET=<YOUR_BUCKET>
    
    gsutil mb gs://$BUCKET/
    

GCP IAM Service Account

To integrate Velero with GCP, create a Velero-specific service account.

  1. View your current config settings:

    gcloud config list

    Store the project value from the results in the environment variable $PROJECT_ID.

    PROJECT_ID=$(gcloud config get-value project)
  2. Create a service account:

    gcloud iam service-accounts create velero --display-name "Velero service account"

    If you'll be using Velero to back up multiple clusters with multiple GCS buckets, it may be desirable to create a unique service account name per cluster rather than the default velero.

    Then list all accounts and find the velero account you just created:

    gcloud iam service-accounts list

    Set the $SERVICE_ACCOUNT_EMAIL variable to match its email value.

    SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list --filter="displayName:Velero service account" --format 'value(email)')
  3. Create a custom role with only the permissions Velero needs, bind it to the service account, and grant the account object access on the bucket:

    ROLE_PERMISSIONS=(
        compute.disks.get
        compute.disks.create
        compute.disks.createSnapshot
        compute.snapshots.get
        compute.snapshots.create
        compute.snapshots.useReadOnly
        compute.snapshots.delete
        compute.zones.get
    )
    gcloud iam roles create velero.server --project $PROJECT_ID --title "Velero Server" --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
    
    gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:$SERVICE_ACCOUNT_EMAIL --role projects/$PROJECT_ID/roles/velero.server
    
    gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
    
  4. Create a service account key, specifying an output file (credentials-velero) in your local directory:

    gcloud iam service-accounts keys create credentials-velero --iam-account $SERVICE_ACCOUNT_EMAIL

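Two checks worth scripting around the IAM steps above, as an added example that is not part of the gist: join_permissions reproduces the comma-joining that gcloud iam roles create --permissions expects (so the custom role stays limited to exactly the eight compute permissions listed, rather than a broad predefined role), and check_key_file validates the downloaded key before it is handed to velero install --secret-file. The demo key file at the bottom is constructed; a real key comes only from gcloud. The default path ./credentials-velero and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes the permission list shown in the
# gist and a key file at ./credentials-velero (override with an argument).

# Same permissions the gist grants to the custom role velero.server.
VELERO_ROLE_PERMISSIONS="compute.disks.get compute.disks.create \
compute.disks.createSnapshot compute.snapshots.get compute.snapshots.create \
compute.snapshots.useReadOnly compute.snapshots.delete compute.zones.get"

# join_permissions p1 p2 ... -> "p1,p2,..." (the form --permissions expects).
# Equivalent to the gist's IFS="," trick, written in POSIX sh.
join_permissions() {
    old_ifs=$IFS
    IFS=","
    joined="$*"
    IFS=$old_ifs
    printf '%s\n' "$joined"
}

velero_role_permissions_csv() {
    # shellcheck disable=SC2086  # word splitting is intended here
    join_permissions $VELERO_ROLE_PERMISSIONS
}

# check_key_file [path]: return 0 only if the file exists, is a service-account
# JSON key (not, for example, a user credential), and is not readable by group
# or others. velero install copies it into a Secret, so a loose local copy is
# an easy thing to leak.
check_key_file() {
    f=${1:-./credentials-velero}
    [ -f "$f" ] || { echo "missing key file: $f" >&2; return 1; }
    grep -q '"type": *"service_account"' "$f" \
        || { echo "not a service-account key: $f" >&2; return 2; }
    grep -q '"client_email"' "$f" \
        || { echo "no client_email in key file: $f" >&2; return 2; }
    # find prints the path when any group/other read bit is set (portable
    # across GNU and BSD find, unlike stat's flags).
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "key file is readable by group or others; run: chmod 600 $f" >&2
        return 3
    fi
    return 0
}

# Demonstration with a constructed (fake) key file.
demo_key=$(mktemp)
printf '{"type": "service_account", "client_email": "velero@example-project.iam.gserviceaccount.com"}\n' > "$demo_key"
chmod 644 "$demo_key"
if check_key_file "$demo_key" 2>/dev/null; then echo "unexpected: loose key accepted"; fi
chmod 600 "$demo_key"
if check_key_file "$demo_key"; then echo "key file OK: $demo_key"; fi
rm -f "$demo_key"
echo "role permissions: $(velero_role_permissions_csv)"
```

Run check_key_file right after step 4 and before the velero install command in the Server section; a non-zero return tells you which of the three conditions failed.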
Client

Prepare the local computer. macOS is used in this walkthrough, but other operating systems work as well.

  1. Install the Velero CLI on macOS with Homebrew.

    ⇒ brew install velero
    
  2. Download the Velero release tarball, which includes the example manifests used below.

    Download the latest official Velero release

  3. Extract the Velero tarball.

    ⇒ tar -xvf <RELEASE-TARBALL-NAME>.tar
    

Server

  1. Deploy Velero into the Kubernetes cluster, including the Velero plugin for GCP. The bucket name in the command below is the author's; pass the bucket you created above (the $BUCKET value) and the key file from the IAM section.

    ⇒ velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.1.0 --bucket velero-sandbox-cnd --secret-file ./credentials-velero --use-volume-snapshots=true
    
  2. Verify the Velero deployment.

    ⇒ kubectl -n velero get deployments
    

    Ensure that the velero deployment shows 1/1 replicas ready.

Example

Deploy an example application that uses persistent storage.

  1. Change to the directory extracted from the Velero tarball (e.g. velero-v1.4.0-darwin-amd64).

    ⇒ cd velero-v1.4.0-darwin-amd64
    
  2. Deploy the example application.

    ⇒ kubectl apply -f examples/nginx-app/with-pv.yaml
    
  3. Verify the deployment.

    ⇒ kubectl -n nginx-example get deployments
    
  4. Get the name of the persistent volume bound to the nginx-example claim.

    ⇒ kubectl get pv
    
  5. Label the persistent volume from the previous step, substituting the actual persistent volume name for <PVC-NAME>.

    ⇒ kubectl label pv <PVC-NAME> velero.io/backup-name=<NAMESPACE-001>
    
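Step 4 asks you to read the volume name off the kubectl get pv table. The following added example (not from the gist) does the lookup by the claim reference instead, so a namespace with several volumes, or a Released volume left over from an earlier run, does not get labeled by mistake. It assumes the claim created by with-pv.yaml is nginx-example/nginx-logs (check kubectl -n nginx-example get pvc if yours differs); the rows embedded below are constructed sample output, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the gist. The real input comes from:
#   kubectl get pv --no-headers \
#     -o custom-columns=NAME:.metadata.name,NS:.spec.claimRef.namespace,CLAIM:.spec.claimRef.name,STATUS:.status.phase
# which yields one whitespace-separated row per volume (unbound volumes show
# <none> for the claim fields). Parsing this is safer than the default table,
# whose "ACCESS MODES" and "RECLAIM POLICY" headers contain spaces.

# pv_for_claim <namespace>/<claim>: read such rows on stdin and print the name
# of the volume that is Bound to that claim (nothing if there is none).
pv_for_claim() {
    ns=${1%%/*}
    claim=${1#*/}
    awk -v ns="$ns" -v claim="$claim" \
        '$2 == ns && $3 == claim && $4 == "Bound" { print $1 }'
}

# Constructed sample rows (assumption: the example app's claim is nginx-logs).
# The Released row keeps its old claimRef, which is why STATUS is checked too.
SAMPLE_PV_ROWS='pvc-1111-aaaa   default         data-0       Bound
pvc-2222-bbbb   nginx-example   nginx-logs   Bound
pvc-3333-cccc   nginx-example   nginx-logs   Released
pv-local-0      <none>          <none>       Available'

# label_pv_for_claim <namespace>/<claim> <backup-name>: read rows on stdin and
# print the kubectl label command from step 5 for the right volume, or fail
# if no Bound volume exists. Printing instead of running keeps this example
# side-effect free; pipe the output to sh once you have reviewed it.
label_pv_for_claim() {
    pv=$(pv_for_claim "$1")
    [ -n "$pv" ] || { echo "no Bound volume for claim $1" >&2; return 1; }
    printf 'kubectl label pv %s velero.io/backup-name=%s\n' "$pv" "$2"
}

printf '%s\n' "$SAMPLE_PV_ROWS" | label_pv_for_claim nginx-example/nginx-logs nginx-example-001
```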

Backup

  1. Create a backup for any object that matches the app=nginx label selector:

    ⇒ velero backup create nginx-backup --selector app=nginx
    
  2. (Optional) Create regularly scheduled backups based on a cron expression using the app=nginx label selector:

    velero schedule create nginx-daily --schedule="0 1 * * *" --selector app=nginx
    

    Alternatively, you can use some non-standard shorthand cron expressions:

    velero schedule create nginx-daily --schedule="@daily" --selector app=nginx
    
  3. Simulate a disaster:

    kubectl delete namespace nginx-example
    
  4. To check that the nginx deployment and service are gone, run:

    kubectl get deployments --namespace=nginx-example
    kubectl get services --namespace=nginx-example
    kubectl get namespace/nginx-example
    

    You should get no results.

Restore

  1. Restore from backup:

    velero restore create --from-backup nginx-backup
    
  2. View restore details:

    velero restore get
    

    After the restore finishes, the output looks like the following:

    NAME                          BACKUP         STATUS      WARNINGS   ERRORS   CREATED                         SELECTOR
    nginx-backup-20170727200524   nginx-backup   Completed   0          0        2017-07-27 20:05:24 +0000 UTC   <none>
    

    NOTE: The restore can take a few moments to finish. During this time, the STATUS column reads InProgress.

    After a successful restore, the STATUS column is Completed, and WARNINGS and ERRORS are 0. All objects in the nginx-example namespace should be just as they were before you deleted them.

  3. If there are errors or warnings, you can look at them in detail:

    velero restore describe <RESTORE_NAME>
    
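Step 2 has you read the velero restore get table by eye for Completed with zero warnings and errors. The following added example, not from the gist, turns that check into a function you can use as a post-restore gate in a script; the embedded table is constructed sample output (its first row is the one shown above, the other rows are made up), and the function name is this example's own.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes the column layout of
# "velero restore get" shown in the gist: NAME BACKUP STATUS WARNINGS ERRORS
# CREATED SELECTOR. Fields 1-5 are stable even though CREATED contains spaces.

# restore_ok <restore-name>: read "velero restore get" output on stdin and
# return 0 only when that restore is Completed with 0 warnings and 0 errors.
# Anything else (InProgress, PartiallyFailed, Failed, non-zero counts, or a
# name that is not listed) returns 1 and explains why on stderr.
restore_ok() {
    name=$1
    awk -v want="$name" '
        NR > 1 && $1 == want {
            found = 1
            if ($3 == "Completed" && $4 == 0 && $5 == 0) {
                ok = 1
            } else {
                printf "restore %s: status=%s warnings=%s errors=%s\n", \
                    $1, $3, $4, $5 > "/dev/stderr"
            }
        }
        END {
            if (!found) printf "restore %s not found\n", want > "/dev/stderr"
            exit (found && ok) ? 0 : 1
        }
    '
}

# Constructed sample table: first row from the gist, the rest made up to show
# an in-progress restore and one that completed with warnings and errors.
SAMPLE_RESTORE_TABLE='NAME                          BACKUP         STATUS       WARNINGS   ERRORS   CREATED                         SELECTOR
nginx-backup-20170727200524   nginx-backup   Completed    0          0        2017-07-27 20:05:24 +0000 UTC   <none>
nginx-backup-20200603120000   nginx-backup   InProgress   0          0        2020-06-03 12:00:00 +0000 UTC   <none>
nginx-backup-20200603130000   nginx-backup   Completed    2          1        2020-06-03 13:00:00 +0000 UTC   <none>'

# Demonstration against the sample table. With the real CLI the gate reads:
#   velero restore get | restore_ok "$RESTORE_NAME" \
#       || velero restore describe "$RESTORE_NAME"
for r in nginx-backup-20170727200524 nginx-backup-20200603120000 nginx-backup-20200603130000; do
    if printf '%s\n' "$SAMPLE_RESTORE_TABLE" | restore_ok "$r"; then
        echo "$r: restore verified"
    else
        echo "$r: needs attention (see velero restore describe $r)"
    fi
done
```

A Completed restore with warnings is still worth inspecting with velero restore describe, which is why the function treats any non-zero count as a failure rather than only the STATUS column.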

Clean Up

To delete any backups you created, including their data in object storage and the persistent volume snapshots, follow these steps.

  1. Delete a backup, substituting its name (e.g. nginx-backup from above) for BACKUP_NAME:

    ⇒ velero backup delete BACKUP_NAME
    
  2. Clean up the example deployment:

    ⇒ kubectl delete -f examples/nginx-app/base.yaml
    

Uninstall

If you would like to completely remove Velero from the cluster, follow these steps.

  1. Uninstall Velero from the cluster:

    ⇒ kubectl delete namespace/velero clusterrolebinding/velero
    ⇒ kubectl delete crds -l component=velero
    