OpenShift Container Platform 4.14 on HPE DL AMD Gen11 Servers

# INSTALL AND CONFIGURE VELERO

# Introduction

Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. It works both on premises and in a public cloud. Velero consists of a server process running as a deployment in your Kubernetes cluster and a command-line interface (CLI) with which DevOps teams and platform operators configure scheduled backups, trigger ad-hoc backups, perform restores, and more.

Unlike other tools which directly access the Kubernetes etcd database to perform backups and restores, Velero uses the Kubernetes API to capture the state of cluster resources and to restore them when necessary. This API-driven approach has a number of key benefits:

  • Backups can capture subsets of the cluster's resources, filtering by namespace, resource type, and/or label selector, providing a high degree of flexibility around what's backed up and restored

  • Users of managed Kubernetes offerings often do not have access to the underlying etcd database, so direct backups/restores of it are not possible

  • Resources exposed through aggregated API servers can easily be backed up and restored even if they're stored in a separate etcd database

Velero provides a suite of tools to backup Kubernetes resources and applications for two main purposes:

  • Disaster Recovery -- Recover Kubernetes cluster components and applications

  • Migration -- Migrate your Kubernetes applications to another Kubernetes cluster

  • Data Protection - Offers key data protection features such as scheduled backups, retention schedules, and pre or post-backup hooks for custom actions

FIGURE 23 Installing and Configure Velero High Level View

Velero lets you:

  • Take backups of your cluster and restore in case of loss

  • Migrate cluster resources to other clusters

  • Replicate your production cluster to development and testing clusters

Velero consists of:

  • A server that runs on your cluster

  • A command-line client that runs locally

This section covers how to install and configure Velero and how to use Velero to take backup/restore on an Openshift Container Platform by using noobaa object storage

Prerequisites

OpenShift Container Platform cluster should be available with the administrator credentials OCP cluster should have NooBaa object storage as part of Openshift Storage cluster

Installation Process

Installing the Velero Client

  1. From the installer node navigate to the temporary /tmp directory

[root@installer ] \ cd /tmp

  1. Use wget and the link you can copy from (https://github.com/vmware-tanzu/velero/releases ) to download the release tarball:

[root@installer ] $ wget https://<link_copy_from_release_page >
  1. Once the download completes, extract the tarball using tar

 [root@installer tmp] $ tar -xvzf velero-v1.12.3-linux-amd64.tar.gz
  1. The /tmp directory should now contain the extracted velero-v1.12.3-linux-amd64.

Move the Velero executable out of the temporary /tmp directory and add it to your PATH.

[root@installer tmp] $ sudo velero-v1.12.3-linux-amd64velero /usr/local/bin/velero

  1. Now you can get the secret key from AWS and create the file in the format shown below using the key you retrieved.
[default] 

aws_access_key_id= <Access Key ID>

aws_secret_access_key= <Secret Access Key>

Installing the Velero Server

Once you are ready with the appropriate bucket and backup location settings, it is time to install Velero. Run the following command, substituting your values where required:


[root@installer tmp] $ velero install  

--provider aws \ 

--plugins velero/velero-plugin-for-aws:v1.5.0 \

--bucket velerobucket10 \

--secret-file ./cloud-credentials \ 

--backup-location-config region=ap-south-1 \ 

--snapshot-location-config region=ap-south-1

You should see the following output:

CustomResourceDefinition/backups.velero.io: attempting to create
resource 

CustomResourceDefinition/backups.velero.io: attempting to create
resource client 

CustomResourceDefinition/backups.velero.io: created 

CustomResourceDefinition/backupstoragelocations.velero.io: attempting to
create resource 

CustomResourceDefinition/backupstoragelocations.velero.io: attempting to
create resource client 

CustomResourceDefinition/backupstoragelocations.velero.io: created 

CustomResourceDefinition/deletebackuprequests.velero.io: attempting to
create resource 

CustomResourceDefinition/deletebackuprequests.velero.io: attempting to
create resource client 

CustomResourceDefinition/deletebackuprequests.velero.io: created 

CustomResourceDefinition/downloadrequests.velero.io: attempting to
create resource 

CustomResourceDefinition/downloadrequests.velero.io: attempting to
create resource client 

CustomResourceDefinition/downloadrequests.velero.io: created 

CustomResourceDefinition/podvolumebackups.velero.io: attempting to
create resource 

CustomResourceDefinition/podvolumebackups.velero.io: attempting to
create resource client 

CustomResourceDefinition/podvolumebackups.velero.io: created 

CustomResourceDefinition/podvolumerestores.velero.io: attempting to
create resource 

CustomResourceDefinition/podvolumerestores.velero.io: attempting to
create resource client 

CustomResourceDefinition/podvolumerestores.velero.io: created 

CustomResourceDefinition/resticrepositories.velero.io: attempting to
create resource 

CustomResourceDefinition/resticrepositories.velero.io: attempting to
create resource client 

CustomResourceDefinition/resticrepositories.velero.io: created 

CustomResourceDefinition/restores.velero.io: attempting to create
resource 

CustomResourceDefinition/restores.velero.io: attempting to create
resource client 

CustomResourceDefinition/restores.velero.io: created 

CustomResourceDefinition/schedules.velero.io: attempting to create
resource 

CustomResourceDefinition/schedules.velero.io: attempting to create
resource client 

CustomResourceDefinition/schedules.velero.io: created 

CustomResourceDefinition/serverstatusrequests.velero.io: attempting to
create resource 

CustomResourceDefinition/serverstatusrequests.velero.io: attempting to
create resource client 

CustomResourceDefinition/serverstatusrequests.velero.io: created 

CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting
to create resource 

CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting
to create resource client 

CustomResourceDefinition/volumesnapshotlocations.velero.io: created 

Waiting for resources to be ready in cluster... 

Namespace/velero: attempting to create resource 

Namespace/velero: attempting to create resource client 

Namespace/velero: created 

ClusterRoleBinding/velero: attempting to create resource 

ClusterRoleBinding/velero: attempting to create resource client 

ClusterRoleBinding/velero: created 

ServiceAccount/velero: attempting to create resource 

ServiceAccount/velero: attempting to create resource client 

ServiceAccount/velero: created 

Secret/cloud-credentials: attempting to create resource 

Secret/cloud-credentials: attempting to create resource client 

Secret/cloud-credentials: created 

BackupStorageLocation/default: attempting to create resource 

BackupStorageLocation/default: attempting to create resource client 

BackupStorageLocation/default: created 

VolumeSnapshotLocation/default: attempting to create resource 

VolumeSnapshotLocation/default: attempting to create resource client 

VolumeSnapshotLocation/default: created 

Deployment/velero: attempting to create resource 

Deployment/velero: attempting to create resource client 

Deployment/velero: created 


Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to
view the status.

Once the deployment is ready you will be able to see the status using the following command:

[root@installer tmp] $ oc get po -n velero 

NAME                      READY   STATUS    RESTARTS   AGE 

velero-798b86bf47-2s68n   1/1     Running   0          36s

Follow below steps for backup and restore.

  1. Below figure shows WordPress app resources under project WordPress.

[root@installer tmp]$ oc get pods,pvc,routes -n test-word 

NAME                                  READY   STATUS             
RESTARTS   AGE 

pod/wordpress-687f77b58d-7p66j        1/1       Running  0          40m 

pod/wordpress-mysql-db6648954-rsvn8   1/1     Running   0          40m 

 

NAME                                   STATUS   VOLUME             
CAPACITY   ACCESS MODES   STORAGECLASS        AGE 

persistentvolumeclaim/mysql-pv-claim   Bound    local-pv-c0254aba  
279Gi      RWO            localstorageclass   40m 

persistentvolumeclaim/wp-pv-claim      Bound    local-pv-4e4a3889  
931Gi      RWO            localstorageclass   40m 

 

NAME                                     
HOST/PORT                                       PATH   SERVICES        
PORT     TERMINATION   WILDCARD 

route.route.openshift.io/wordpress-http  
wordpress-http-default.apps.rhocp.tamil.local          wordpress-http  
80-tcp                 None
  1. Run the following command to create a backup.

[root@installer tmp] $ velero backup create wordbackup
--include-namespaces  test-word 

Backup request "wordbackup" submitted successfully.

Run velero backup describe wordbackup or velero backup logs wordbackup for more details.

  1. Run below command to get available backups in Velero.
[root@installer tmp] $ velero backup get 

NAME         STATUS      ERRORS   WARNINGS  
CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR 

wordbackup   Completed   0        0          2022-08-23 02:46:51 -0500
CDT   29d       default            &lt;none&gt;
  1. Now you can Delete the wordpress application and you can restore from aws. Run the below command to restore the backup in Velero.
[root@installer tmp] $ velero restore create --from-backup
wordbackup 

Restore request "wordbackup-20220823040033" submitted successfully. 

Run `velero restore describe wordbackup-20220823040033` or `velero
restore logs wordbackup-20220823040033` for more details. 
``` 

5.  Run the below command to list the restore. 

``` bash
[root@installer tmp] $ velero restore get 

NAME                        BACKUP       STATUS     
STARTED                         COMPLETED                       ERRORS  
WARNINGS   CREATED                         SELECTOR 

wordbackup-20220823035926   wordbackup   Completed   2022-08-23 03:54:52
-0500 CDT   2022-08-23 03:54:58 -0500 CDT   0        0         
2022-08-23 03:59:28 -0500 CDT   &lt;none&gt;

Verification

Verify WordPress resources were restored.

[root@installer tmp] $ oc get pods,pvc,routes -n test-word 

NAME                                  READY   STATUS             
RESTARTS   AGE 

pod/wordpress-85fcfb7db6-8gbmg        1/1       Running  0          35m 

pod/wordpress-mysql-568dc68776-jtgs5   1/1     Running   0          35m 

 

NAME                                   STATUS   VOLUME             
CAPACITY   ACCESS MODES   STORAGECLASS        AGE 

persistentvolumeclaim/mysql-pv-claim   Bound    local-pv-c0254aba  
279Gi      RWO            localstorageclass   35m 

persistentvolumeclaim/wp-pv-claim      Bound    local-pv-4e4a3889  
931Gi      RWO            localstorageclass   35m 

 

NAME                                     
HOST/PORT                                       PATH   SERVICES        
PORT     TERMINATION   WILDCARD 

route.route.openshift.io/wordpress-http  
wordpress-http-default.apps.rhocp.tamil.local          wordpress-http  
80-tcp                 None

Securing Red Hat OpenShift Container Platform using Sysdig Secure