Customizing Disaster recovery module

Customize Velero to run using cloud resources

Kubernetes Fury Distribution includes Velero as the disaster recovery solution for your cluster. The default configuration works out of the box, providing scheduled backups of the manifests deployed to the cluster.

However, Velero requires additional configuration if you want to use all of its capabilities while running in cloud environments like Amazon Web Services, Microsoft Azure or Google Cloud Platform.

| Kind | Manifests | Volumes | Restic Integration |
|---|---|---|---|
| on-prem (Default) | Yes. Backups live inside the cluster in a dedicated MinIO instance | No | Yes |
| AWS | Yes. Backups will be available in S3 Buckets | Yes. Backups will be available as Volume Snapshots | Yes |
| Google Cloud Platform | Yes. Backups will be available in GCS Buckets | Yes. Backups will be available as Volume Snapshots | Yes |
| Microsoft Azure | Yes. Backups will be available in a Storage Account Container | Yes. Backups will be available as Volume Snapshots | Yes |

System Requirements

If you are running your Kubernetes cluster in one of the cloud environments listed above, you will need to create some cloud resources so that Velero can use the cloud capabilities.

SIGHUP has developed Terraform modules to make it super simple to create the required resources. You can find each Terraform module here:

  • aws-velero: This Terraform module provides an easy way to generate Velero's required cloud resources (S3 and IAM) to back up Kubernetes objects and trigger volume snapshots.
  • azure-velero: This Terraform module provides an easy way to generate Velero's required cloud resources (Object Storage and Credentials) to back up Kubernetes objects and trigger volume snapshots.
  • gcp-velero: This Terraform module provides an easy way to generate Velero's required cloud resources (Bucket and Credentials) to back up Kubernetes objects and trigger volume snapshots.

Every Terraform module shares the same output names, which makes it easy to create the Kubernetes resources (.yaml).

| Name | Description |
|---|---|
| backup_storage_location | Velero Cloud BackupStorageLocation CRD |
| cloud_credentials | Velero required file with credentials |
| volume_snapshot_location | Velero Cloud VolumeSnapshotLocation CRD |

You can create a Terraform project with the following code to create the resources in GCP (for example):

module "velero" {
  source             = "git::https://github.com/sighupio/fury-kubernetes-dr.git//modules/gcp-velero?ref=v1.2.0"
  name               = "my-cluster"
  env                = "staging"
  backup_bucket_name = "my-cluster-staging-velero"
  project            = "sighup-staging"
}

Check the Terraform module documentation for detailed information about the input/output Terraform variables.

After applying the configuration in the cloud provider, you can output the Kubernetes manifests with the following commands for later use:

$ terraform output cloud_credentials > /tmp/cloud_credentials.config
$ kubectl create secret generic cloud-credentials --from-file=cloud=/tmp/cloud_credentials.config --dry-run -o yaml > /tmp/cloud-credentials.yaml
$ terraform output volume_snapshot_location > /tmp/volume_snapshot_location.yaml
$ terraform output backup_storage_location > /tmp/backup_storage_location.yaml
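
The commands above write the cloud credentials to fixed paths under /tmp, where files created with the common default umask of 022 are readable by other local users. The following is an added example, not part of the original documentation, that runs the same four commands inside a private directory; `private_workdir`, `others_bits` and `export_velero_manifests` are hypothetical helper names, and `terraform` and `kubectl` are assumed to be on the PATH.

```sh
#!/bin/sh
# Added example, not from the Fury documentation. Helper names are hypothetical.

# Create a directory only the current user can enter (mode 700) and print it.
private_workdir() {
  mktemp -d "${TMPDIR:-/tmp}/velero-export.XXXXXX"
}

# Print the group/other permission bits of a path: "------" means private.
others_bits() {
  ls -ld "$1" | cut -c5-10
}

# The page's four commands, run from the Terraform project directory and
# writing into the private directory given as $1. The subshell body keeps
# umask and "set -e" from leaking into the caller.
export_velero_manifests() (
  set -e
  umask 077                      # new files are created with mode 600
  out=$1
  terraform output cloud_credentials > "$out/cloud_credentials.config"
  kubectl create secret generic cloud-credentials \
    --from-file=cloud="$out/cloud_credentials.config" \
    --dry-run -o yaml > "$out/cloud-credentials.yaml"
  terraform output volume_snapshot_location > "$out/volume_snapshot_location.yaml"
  terraform output backup_storage_location > "$out/backup_storage_location.yaml"
  # The raw credentials file is not needed once the Secret manifest exists.
  rm -f "$out/cloud_credentials.config"
)

# Usage, from the Terraform project directory:
#   dir=$(private_workdir) && export_velero_manifests "$dir" && echo "$dir"
```

When using this variant, copy the three manifests from the printed directory instead of /tmp in the Setup step, then remove the directory.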

Setup

You will need to modify the project structure: add some directories, add the previously created files, modify kustomization.yaml files, and so on.

$ ls manifests/distribution/kustomization.yaml
manifests/distribution/kustomization.yaml
# Create the required additional project structure
$ mkdir -p manifests/secrets manifests/resources
# Copy the previously created files from the terraform output
$ cp /tmp/volume_snapshot_location.yaml manifests/resources/volume_snapshot_location.yaml
$ cp /tmp/backup_storage_location.yaml manifests/resources/backup_storage_location.yaml
$ cp /tmp/cloud-credentials.yaml manifests/secrets/cloud-credentials.yaml

kustomization.yaml

Once everything is in place, a couple of files have to be modified to continue with the Disaster Recovery module customization:

You have to add the new resources and secrets directory content to the manifests/kustomization.yaml file:

$ echo -e "\nresources:\n  - resources/volume_snapshot_location.yaml\n  - resources/backup_storage_location.yaml\n  - secrets/cloud-credentials.yaml" >> manifests/kustomization.yaml

Then modify the manifests/distribution/kustomization.yaml file to replace the on-prem installation of Velero with the one for your cloud provider. Let's continue with the GCP example:

$ sed -i.backup 's@velero-on-prem@velero-gcp@g' manifests/distribution/kustomization.yaml
$ grep velero manifests/distribution/kustomization.yaml
  - ../../vendor/katalog/dr/velero/velero-gcp
  - ../../vendor/katalog/dr/velero/velero-restic

Test

If you have followed these steps, you can verify everything is in place with the following command:

$ kustomize build manifests/ | grep velero-plugin-for-gcp
      - image: velero/velero-plugin-for-gcp:v1.0.0

Commit changes to the repository

These changes should be saved in the git repository, so:

$ git add .
$ git commit -m "Deploy velero integration with gcp package instead of velero-on-prem"
$ git push origin master
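
The commit above includes manifests/secrets/cloud-credentials.yaml, a Secret whose data is base64-encoded rather than encrypted, so anyone with read access to the repository can recover the cloud credentials. The following is an added check, not part of the original documentation, that lists Secret manifests carrying inline data before you commit; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the Fury documentation: report Kubernetes Secret
# manifests with inline data before they are committed. Values are never
# decoded or printed, only the file, Secret name and key name.

# find_inline_secrets DIR -> one "file<TAB>secret<TAB>key" line per key.
find_inline_secrets() {
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) | sort |
  while IFS= read -r f; do
    awk -v file="$f" '
      function flush(  i) {
        if (kind == "Secret")
          for (i = 1; i <= n; i++) printf "%s\t%s\t%s\n", file, name, keys[i]
        kind = ""; name = ""; section = ""; n = 0
      }
      /^---/ { flush(); next }                 # next YAML document
      /^[^ #]/ { section = $1 }                # top-level key such as "data:"
      /^kind:/ { kind = $2 }
      section == "metadata:" && /^  name:/ { name = $2 }
      (section == "data:" || section == "stringData:") && /^  [^ ]/ {
        key = $1; sub(/:$/, "", key); keys[++n] = key
      }
      END { flush() }
    ' "$f"
  done
}

# Exit status 1 (findings on stderr) when any inline Secret is present.
guard_inline_secrets() {
  found=$(find_inline_secrets "$1")
  [ -z "$found" ] && return 0
  printf '%s\n' "$found" >&2
  return 1
}

# Constructed sample tree mirroring the layout from the Setup section.
make_sample_tree() {
  t=$(mktemp -d) && mkdir -p "$t/manifests/secrets" "$t/manifests/resources"
  printf 'apiVersion: v1\ndata:\n  cloud: Y29uc3RydWN0ZWQ=\nkind: Secret\nmetadata:\n  creationTimestamp: null\n  name: cloud-credentials\n' \
    > "$t/manifests/secrets/cloud-credentials.yaml"
  printf 'apiVersion: velero.io/v1\nkind: BackupStorageLocation\nmetadata:\n  name: default\n' \
    > "$t/manifests/resources/backup_storage_location.yaml"
  echo "$t/manifests"
}

sample=$(make_sample_tree)
find_inline_secrets "$sample"    # one finding: cloud-credentials, key "cloud"
rm -rf "${sample%/manifests}"
```

Run `guard_inline_secrets manifests/` from the repository root before `git add .`; a non-zero exit status means a Secret with inline data is about to be committed.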