How to install Velero in an OpenShift environment
Introduction
In a previous blog, Backing up OpenShift, I showed how to use Velero to back up an OpenShift cluster deployed to AWS.
The article didn’t specify how to install Velero in OpenShift, but simply pointed to the official Velero website. Well, the Velero website shows how to deploy to AWS, Azure, GCP and using MinIO, but I couldn’t find a straightforward way to do with OpenShift.
So in this blog, I show the steps required to install MinIO and Velero in an OpenShift environment
Clone the Velero repository
The first step is to clone the Velero repository:
git clone https://github.com/vmware-tanzu/velero.git
cd veleroInstall MinIO
Now that we cloned the repository, deploying MinIO to your OpenShift environment is very simple:
oc apply -f examples/minio/00-minio-deployment.yamlAnd you should see the output like this:
Eduardos-MBP:velero edu$ oc apply -f examples/minio/00-minio-deployment.yamlnamespace/velero configureddeployment.apps/minio unchangedservice/minio unchangedjob.batch/minio-setup unchanged
Expose MinIO
Now, we need to expose the MinIO service outside the cluster, so that the velero CLI can interact with it. In OpenShift, this is pretty simple:
oc project velero
oc expose svc minioYou should see the following output:
Eduardos-MBP:minio edu$ oc expose svc minioroute.route.openshift.io/minio exposed
You can get the information about the route by running the following command:
oc get route minioYou should be able to open the URL listed there and log in using user: minio and password: minio123
Install Velero CLI
Next, we need to install the Velero CLI in the local machine. For Mac, run the following command:
brew install veleroCreate credential file
Next, we need to create the Minio credential file. So create a file named credentials-velero with the following content:
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123Install Velero
We are finally ready to install Velero. Run the following command:
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.0.0 \
--bucket velero \
--secret-file ./credentials-velero \
--use-volume-snapshots=false \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio.velero.svc:9000And you should see the following output:
edu@eduardos-air velero % velero install \--provider aws \--plugins velero/velero-plugin-for-aws:v1.0.0 \--bucket velero \--secret-file ./credentials-velero \--use-volume-snapshots=false \--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio.velero.svc:9000CustomResourceDefinition/backups.velero.io: attempting to create resourceCustomResourceDefinition/backups.velero.io: createdCustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resourceCustomResourceDefinition/backupstoragelocations.velero.io: createdCustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resourceCustomResourceDefinition/deletebackuprequests.velero.io: createdCustomResourceDefinition/downloadrequests.velero.io: attempting to create resourceCustomResourceDefinition/downloadrequests.velero.io: createdCustomResourceDefinition/podvolumebackups.velero.io: attempting to create resourceCustomResourceDefinition/podvolumebackups.velero.io: createdCustomResourceDefinition/podvolumerestores.velero.io: attempting to create resourceCustomResourceDefinition/podvolumerestores.velero.io: createdCustomResourceDefinition/resticrepositories.velero.io: attempting to create resourceCustomResourceDefinition/resticrepositories.velero.io: createdCustomResourceDefinition/restores.velero.io: attempting to create resourceCustomResourceDefinition/restores.velero.io: createdCustomResourceDefinition/schedules.velero.io: attempting to create resourceCustomResourceDefinition/schedules.velero.io: createdCustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resourceCustomResourceDefinition/serverstatusrequests.velero.io: createdCustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resourceCustomResourceDefinition/volumesnapshotlocations.velero.io: createdWaiting for resources to be ready in cluster...Namespace/velero: attempting to create resourceNamespace/velero: already exists, proceedingNamespace/velero: createdClusterRoleBinding/velero: attempting to create resourceClusterRoleBinding/velero: createdServiceAccount/velero: attempting to create resourceServiceAccount/velero: createdSecret/cloud-credentials: attempting to create resourceSecret/cloud-credentials: createdBackupStorageLocation/default: attempting to create resourceBackupStorageLocation/default: createdDeployment/velero: attempting to create resourceDeployment/velero: createdVelero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
Very good.
Now, we need to test it.
Create some Kubernetes resources
To test the backup procedure, let’s first create some Kubernetes resources. It doesn’t matter which resource, so I will stick to a simple one: ConfigMap. Run the following script to create an OpenShift project and many ConfigMaps:
oc new-project test-backupfor i in {1..20}; do echo Creating ConfigMap $i; oc create configmap cm-$i --from-literal="key=$i"; done
The lines above create a new project and 20 ConfigMaps. Run the following command to confirm:
oc get configmapBack up OpenShift
Now, we can test the backup procedure. For simplicity, we are going to back up only the test-backup project, but the same concept applies to any (or all) projects. Run the following command:
velero backup create my-backup --include-namespaces test-backupand you will see the following output:
Eduardos-MBP:velero edu$ velero backup create my-backup --include-namespaces test-backupBackup request "my-backup" submitted successfully.Run `velero backup describe my-backup` or `velero backup logs my-backup` for more details.
After a few seconds, you can check the backup has completed:
velero backup describe my-backupSimulating loss
Now, let’s simulate some loss:
oc delete configmap cm-{1..20}You can validate by running the following command:
oc get configmapIt should return no configmap:
Eduardos-MBP:velero edu$ oc get configmapNo resources found.
Restoring the environment
Let’s now restore the backup that Velero created:
velero restore create --from-backup my-backupNow, we can check the result:
oc get cmAnd you should see the 20 ConfigMaps restored. Awesome!
Conclusion
In this blog, I showed how to install and use Velero to back up and restore an OpenShift environment.
Velero makes really simple to back up the etcd data and the Persistent Volumes to an S3 Bucket.
Bring your plan to the IBM Garage.
Are you ready to learn more about DevSecOps and delivering value with the IBM Garage? We’re here to help. Contact us today to schedule time to speak with a Garage expert about your next big idea. Learn about our IBM Garage Method, the design, development and startup communities we work in, and the deep expertise and capabilities we bring to the table.
Schedule a no-charge visit with the IBM Garage.