Post

Mastering Kubernetes Backups with Velero.

Posted
By Nikos Nikolakakis 3 min read

Kubernetes is designed for high availability and fault tolerance, but even the most resilient systems can encounter failures. Velero, an open-source tool, simplifies Kubernetes backup and disaster recovery, making it an essential addition to your cluster’s resilience strategy. This post explores how Velero enables reliable backup and recovery for Kubernetes clusters, helping SREs ensure resilience and data protection.

Why Backups Are Essential for Kubernetes

While Kubernetes offers robustness, unexpected events like hardware failures, misconfigurations, or human errors can lead to data loss or downtime. Backups ensure you can recover the cluster’s state, minimizing disruption and maintaining service availability. Regularly practicing disaster recovery also helps identify gaps in your strategy.

2. What is Velero?

Velero is an open-source tool for Kubernetes backup and disaster recovery. It’s designed to handle both Kubernetes objects and persistent volume snapshots, making it a comprehensive solution for managing your cluster’s state. With support for major cloud providers and S3-compatible storage systems, Velero fits seamlessly into various infrastructure setups.

Key Features of Velero

  • Backup Kubernetes Objects: Save deployments, services, and other resources.
  • Persistent Volume Snapshots: Ensure data stored externally is backed up.
  • Scheduled and On-Demand Backups: Flexibility to suit different scenarios.
  • Namespace Filtering: Backup specific namespaces or exclude system-critical ones like kube-system.
  • Disaster Recovery: Restore entire clusters or targeted namespaces.
  • Cloud Provider Support: Compatible with AWS, Google Cloud, Azure, and more.

Setting Up Velero

  1. Install Velero

To get started, install Velero using its CLI or Helm chart. Ensure it’s configured to use your desired storage backend:

1
2
3
4
5
6
7
8
9
10

velero install \
    --provider aws \
    --bucket $(tofu output -raw velero_bucket_name) \
    --plugins velero/velero-plugin-for-aws:v1.6.0 \
    --use-volume-snapshots=false \
    --backup-location-config region=$(tofu output -raw region),s3ForcePathStyle="true",s3Url=https://s3.$(tofu output -raw region).amazonaws.com \
    --namespace $(tofu output -raw velero_service_account_namespace) \
    --service-account-name $(tofu output -raw velero_service_account_name) \
    --pod-labels "node-type=system" \
    --no-secret
  1. Create Backup Schedules

Velero supports both on-demand and scheduled backups. Define schedules using YAML for GitOps compatibility:

1
2
3

velero schedule create daily-backup --include-namespaces default --schedule="@daily" --ttl 168h

kubectl --namespace velero describe schedule daily-backup
  1. Verify Backups

List all backups to confirm they are running as expected:

1

velero backup get

Practical Demo: Velero in Action

To further illustrate Velero’s capabilities, I’ve created a practical demo hosted on GitHub. This repository contains Terraform scripts and application files to:

  • Set up an EKS cluster.
  • Configure Velero with AWS S3 as the backup storage.
  • Deploy a sample application for testing backups and restores.

Best Practices for Kubernetes Backups

  • Include Both Objects and Data: Always back up Kubernetes objects and persistent volumes.
  • External Log Storage: Use tools like Grafana Loki to store logs externally.
  • GitOps Integration: Define backup configurations in version-controlled YAML files.
  • Namespace Exclusions: Avoid unnecessary namespaces to streamline recovery.
  • Test Disaster Recovery: Regularly practice restoring backups to identify potential issues.
  • Cloud Storage for Backups: Leverage scalable cloud storage for reliability and cost efficiency.

Challenges with Kubernetes Backups

While Velero is powerful, it’s not a one-size-fits-all solution:

  • Databases: Often require their own backup strategies to avoid corruption during recovery.
  • Cluster Mutations: Restoring mutated Kubernetes resources can introduce complexity.
  • Ownership Issues: Proper access controls must be in place to avoid restore errors.

Combining Velero with GitOps and database-specific tools ensures a more robust recovery process.

Combining Velero with GitOps

GitOps tools like ArgoCD complement Velero by maintaining the desired state of your cluster in a Git repository. While Velero restores snapshots of the actual state, GitOps ensures the cluster aligns with your intended configuration. Together, these approaches enhance disaster recovery capabilities.

Conclusion

Velero simplifies Kubernetes backup and recovery, offering SREs a reliable tool to safeguard clusters. By integrating Velero with GitOps and practicing disaster recovery, teams can build resilient systems ready to handle failures. Whether you’re restoring a single namespace or recovering an entire cluster, Velero ensures your Kubernetes environment is always prepared.

Check out the velero-demo repository for practical examples and setup instructions.

Velero

sre kubernetes backup velero opentofu
This post is licensed under CC BY 4.0 by the author.