Velero is a tool maintained by Heptio that allows you to back up and restore your Kubernetes cluster along with its persistent volumes.
In addition to being a backup tool, it can also be used to replicate an existing cluster in a different environment in order to establish a testing environment. Velero comprises a server that runs in your cluster and a local command-line client. Cluster resources can be backed up locally or to a cloud object storage service like AWS S3, Google Cloud Storage or Azure Blob Storage.
Configure AWS S3¶
The following steps, outlined in detail in the Velero documentation, are required:
- Create an S3 bucket in which cluster backups can be stored. Heptio recommends a unique S3 bucket for each Kubernetes cluster
- Create an IAM user for Velero. Heptio recommends a unique username per cluster
If you are using Tarmak with kube2iam, Velero can be used alongside kube2iam by defining a Trust Policy. This process is defined in Velero’s step-by-step AWS guide .
Install Velero on remote cluster¶
$ git clone https://github.com/heptio/velero.git $ tarmak kubectl apply -f velero/examples/common/00-prereqs.yaml $ tarmak kubectl apply -f velero/examples/minio/
00-prereqs.yaml file creates a heptio-velero namespace, an velero
service account and applies RBAC rules to grant permissions to that service
account, as well as CustomResourceDefinitions for the resources used by
minio YAMLs install Minio, an object storage server
compatible with AWS S3 (and other object storage services).
Using Velero on a Tarmak cluster¶
In order to run Velero operations against the cluster (i.e.
velero backup /
velero restore /
velero schedule), run the following tarmak command to
ensure that an SSH tunnel is open, and that the current cluster’s kubeconfig
file has been saved locally and set as the
KUBECONFIG environment variable:
$ export $(tarmak cluster kubeconfig)
Velero will now we able to interact with the Tarmak cluster. If you have
deployed velero in a non-default namespace (default is heptio-velero) on your
cluster, you’ll need to specify this with a