Configure Velero with Azure or GCP storage

Configure Velero to use Azure Blob Storage

Prerequisites: Create the Azure-related assets, such as the storage account, blob containers, resource group, roles, and service principals, prior to continuing.

  1. Confirm that you have created your storage account, and your blob container using these instructions.

  2. Prep your credentials-velero file with the values. You will need to use the same credentials that you created when creating the cluster. Please note that these credentials should not be Base64 encoded, as Velero will not read them properly. Export the AZURE_BACKUP_RESOURCE_GROUP that you created in the last step to be the AZURE_RESOURCE_GROUP in this step (in a later step, you will also use AZURE_BACKUP_RESOURCE_GROUP).

    CODE
    cat << EOF > ./credentials-velero
    AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
    AZURE_TENANT_ID=${AZURE_TENANT_ID}
    AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
    AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
    AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
    AZURE_CLOUD_NAME=AzurePublicCloud
    EOF
  3. Use the credentials-velero file to create the secret (in this case, it is named azure-bsl-credentials). Note that the command passes the credentials-velero file with --from-file, under the key azure. If you are backing up the Management cluster, the namespace is kommander.

    CODE
    kubectl create secret generic -n ${WORKSPACE_NAMESPACE} azure-bsl-credentials --from-file=azure="credentials-velero" --kubeconfig=${CLUSTER_NAME}.conf
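
A pre-flight check for the credentials-velero file written in step 2, to run before step 3 turns it into a secret. This is an added example, not part of the D2iQ documentation: the function name check_velero_credentials and all sample values are assumptions of the example. It flags an empty value (an unset shell variable expands to nothing in the heredoc), an ID that is not a GUID (as happens when a value was Base64-encoded), and file permissions that let other local users read the client secret.

```sh
# Added example (not from the D2iQ docs): pre-flight check for credentials-velero.
# The ( ) body keeps variables local; exit only leaves the function.
check_velero_credentials() (
    file=$1 rc=0
    guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    [ -f "$file" ] || { echo "missing file: $file" >&2; exit 2; }

    # The file holds the service principal secret: allow owner access only.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        600|400) ;;
        *) echo "mode $mode is too open, run: chmod 600 $file" >&2; rc=1 ;;
    esac

    for key in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID \
               AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP AZURE_CLOUD_NAME; do
        # Last assignment wins; drop a trailing CR left by Windows editors.
        val=$(sed -n "s/^${key}=//p" "$file" | tail -n 1 | tr -d '\r')
        if [ -z "$val" ]; then
            # An unset shell variable expands to nothing in the heredoc.
            echo "$key is missing or empty" >&2; rc=1; continue
        fi
        case $key in
            AZURE_SUBSCRIPTION_ID|AZURE_TENANT_ID|AZURE_CLIENT_ID)
                # These IDs are GUIDs; a Base64-encoded value will not match.
                printf '%s\n' "$val" | grep -Eq "$guid" ||
                    { echo "$key is not a GUID (Base64-encoded?)" >&2; rc=1; } ;;
        esac
    done
    exit "$rc"
)

# Demo on a constructed file whose tenant ID was Base64-encoded by mistake.
demo=$(mktemp)   # mktemp creates the file with mode 600
cat > "$demo" <<'EOF'
AZURE_SUBSCRIPTION_ID=11111111-2222-3333-4444-555555555555
AZURE_TENANT_ID=YWFhYWFhYWEtYmJiYi1jY2NjLWRkZGQtZWVlZWVlZWVlZWVl
AZURE_CLIENT_ID=66666666-7777-8888-9999-000000000000
AZURE_CLIENT_SECRET=constructed-not-a-real-secret
AZURE_RESOURCE_GROUP=example-rg
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
check_velero_credentials "$demo" || echo "fix the file before creating the secret"
rm -f "$demo"
```

Running `umask 077` before the heredoc in step 2 creates the file with owner-only permissions; delete the file once the secret exists in the cluster.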

Configure Velero on Attached or Managed Clusters

  1. Set the WORKSPACE_NAMESPACE environment variable to the name of the workspace’s namespace

    CODE
    export WORKSPACE_NAMESPACE=<your_workspace_namespace>
  2. Create a ConfigMap to apply Azure to the Velero configuration

    CODE
    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: ${WORKSPACE_NAMESPACE}
      name: velero-overrides
    data:
      values.yaml: |
        initContainers:
          - name: velero-plugin-for-aws
            image: velero/velero-plugin-for-aws:v1.1.0
            imagePullPolicy: IfNotPresent
            volumeMounts:
              - mountPath: /target
                name: plugins
          - name: velero-plugin-for-microsoft-azure
            image: velero/velero-plugin-for-microsoft-azure:v1.5.1
            imagePullPolicy: IfNotPresent
            volumeMounts:
              - mountPath: /target
                name: plugins
        credentials:
          extraSecretRef: azure-bsl-credentials
    EOF
  3. Patch the Velero AppDeployment by adding the configOverrides value. This applies the ConfigMap to your instance after the cluster has been configured.

    CODE
    cat << EOF | kubectl -n ${WORKSPACE_NAMESPACE} patch appdeployment velero --type="merge" --patch-file=/dev/stdin
    spec:
      configOverrides:
        name: velero-overrides
    EOF
  4. After patching the AppDeployment, you will see the ConfigMap on the HelmRelease object

    CODE
    kubectl wait --for=jsonpath='{.spec.valuesFrom[1].name}'=velero-overrides HelmRelease/velero -n ${WORKSPACE_NAMESPACE}
  5. Create the backup storage location via the Velero CLI (note that this calls for the BLOB_CONTAINER and AZURE_STORAGE_ACCOUNT_ID variables that were used when creating the blob container in step 1, as well as the AZURE_BACKUP_SUBSCRIPTION_ID, which will be the same as the AZURE_SUBSCRIPTION_ID set previously):

    BASH
    velero backup-location create azure -n ${WORKSPACE_NAMESPACE} \
    --provider azure \
    --bucket ${BLOB_CONTAINER} \
    --config resourceGroup=${AZURE_BACKUP_RESOURCE_GROUP},storageAccount=${AZURE_STORAGE_ACCOUNT_ID},subscriptionId=${AZURE_BACKUP_SUBSCRIPTION_ID} \
    --credential=azure-bsl-credentials=azure --kubeconfig=${CLUSTER_NAME}.conf
  6. Verify that the Azure backup location is created:

    BASH
    velero backup-location get -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf
  7. Check the Helm releases to confirm that the new Velero configuration has been applied:

    CODE
    kubectl get helmrelease -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf
  8. Verify that the Velero pod is running:

    CODE
    kubectl get pods -A --kubeconfig=${CLUSTER_NAME}.conf |grep velero
  9. Create a test backup for Azure:

    CODE
    velero backup create azure-velero-testbackup -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf --storage-location azure --snapshot-volumes=false
  10. View your backup:

    CODE
    velero backup describe azure-velero-testbackup -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf

Configure Velero on the Management Cluster

  1. Create the backup storage location via the Velero CLI (note that this calls for the BLOB_CONTAINER and AZURE_STORAGE_ACCOUNT_ID variables that were used when creating the blob container in step 1, as well as the AZURE_BACKUP_SUBSCRIPTION_ID, which will be the same as the AZURE_SUBSCRIPTION_ID set earlier):

    BASH
    velero backup-location create azure -n kommander \
    --provider azure \
    --bucket ${BLOB_CONTAINER} \
    --config resourceGroup=${AZURE_BACKUP_RESOURCE_GROUP},storageAccount=${AZURE_STORAGE_ACCOUNT_ID},subscriptionId=${AZURE_BACKUP_SUBSCRIPTION_ID} \
    --credential=azure-bsl-credentials=azure --kubeconfig=${CLUSTER_NAME}.conf
  2. Verify that the Azure backup location is created:

    BASH
    velero backup-location get -n kommander --kubeconfig=${CLUSTER_NAME}.conf
  3. Output the Kommander configuration to kommander.yaml (or use your existing configuration file)

    CODE
    dkp install kommander -o yaml --init > kommander.yaml
    1. Configure DKP to load the plugins and to include the secret in the apps.velero section:
      NOTE: This process has been tested to work with plugins for AWS v1.1.0 and Azure v1.5.1. Newer versions of these plugins can be used, but have not been tested by D2iQ.

      YAML
      ...
        velero:
          enabled: true
          values: |
            initContainers:
              - name: velero-plugin-for-aws
                image: velero/velero-plugin-for-aws:v1.1.0
                imagePullPolicy: IfNotPresent
                volumeMounts:
                  - mountPath: /target
                    name: plugins
              - name: velero-plugin-for-microsoft-azure
                image: velero/velero-plugin-for-microsoft-azure:v1.5.1
                imagePullPolicy: IfNotPresent
                volumeMounts:
                  - mountPath: /target
                    name: plugins
            credentials:
              extraSecretRef: azure-bsl-credentials
      ...
  4. Use the modified kommander.yaml configuration to install this Velero configuration:

    CODE
    dkp install kommander --installer-config kommander.yaml --kubeconfig=${CLUSTER_NAME}.conf
  5. Check the Helm releases to confirm that the new Velero configuration was applied/loaded:

    CODE
    kubectl get helmrelease -n kommander --kubeconfig=${CLUSTER_NAME}.conf
  6. Ensure that the Velero pod is running:

    CODE
    kubectl get pods -A --kubeconfig=${CLUSTER_NAME}.conf |grep velero
  7. Create a test backup for Azure:

    CODE
    velero backup create azure-velero-testbackup -n kommander --kubeconfig=${CLUSTER_NAME}.conf --storage-location azure --snapshot-volumes=false
  8. View your backup:

    CODE
    velero backup describe azure-velero-testbackup -n kommander --kubeconfig=${CLUSTER_NAME}.conf

Configure Velero to use Google Cloud Buckets

You can also store your backups in Google Cloud/GCP.

See the official docs for details on how to use different types of authentication.

Prerequisites: Create the GCP-related assets, such as the GCS bucket, GCP project, service accounts, and service account keys, prior to continuing, and have the velero, gcloud, and gsutil CLIs installed locally (gsutil is optional; you may create buckets through the GCP web application).

  1. Confirm that you have created your storage account, and your bucket, using these instructions.

  2. Prep your credentials-velero file with the values, using the SERVICE_ACCOUNT_EMAIL you used to grant permissions to your bucket. This creates a credentials-velero file in your local directory.

    CODE
    gcloud iam service-accounts keys create credentials-velero \
        --iam-account $SERVICE_ACCOUNT_EMAIL
  3. Use the credentials-velero file to create the secret (in this case, we named it bsl-credentials). Note that the command passes the credentials-velero file with --from-file, under the key gcp. If you are backing up the Management cluster, the namespace is kommander.

    CODE
    kubectl create secret generic -n ${WORKSPACE_NAMESPACE} bsl-credentials --from-file=gcp=credentials-velero --kubeconfig=${CLUSTER_NAME}.conf

Configuring Velero on Attached or Managed Clusters

  1. Set the WORKSPACE_NAMESPACE environment variable to the name of the workspace’s namespace

    CODE
    export WORKSPACE_NAMESPACE=<your_workspace_namespace>
  2. Create the backup storage location via the Velero CLI (note that this calls for the BUCKET variable that was used when creating the bucket container in step 1):

    CODE
    velero backup-location create gcp-backup -n ${WORKSPACE_NAMESPACE} \
      --provider gcp \
      --bucket $BUCKET \
      --credential=bsl-credentials=gcp
  3. Verify that the GCP backup location is created:

    BASH
    velero backup-location get -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf
  4. Create a ConfigMap to apply GCP to the Velero configuration

    CODE
    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: ${WORKSPACE_NAMESPACE}
      name: velero-overrides
    data:
      values.yaml: |
        initContainers:
          - name: velero-plugin-for-aws
            image: velero/velero-plugin-for-aws:v1.1.0
            imagePullPolicy: IfNotPresent
            volumeMounts:
              - mountPath: /target
                name: plugins
          - name: velero-plugin-for-gcp
            image: velero/velero-plugin-for-gcp:v1.5.0
            imagePullPolicy: IfNotPresent
            volumeMounts:
              - mountPath: /target
                name: plugins
        credentials:
          extraSecretRef: bsl-credentials
    EOF
  5. Patch the Velero AppDeployment by adding the configOverrides value. This applies the ConfigMap in this instance after the cluster has been configured.

    CODE
    cat << EOF | kubectl -n ${WORKSPACE_NAMESPACE} patch appdeployment velero --type="merge" --patch-file=/dev/stdin
    spec:
      configOverrides:
        name: velero-overrides
    EOF
  6. After patching the AppDeployment, you will see the ConfigMap on the HelmRelease object:

    CODE
    kubectl wait --for=jsonpath='{.spec.valuesFrom[1].name}'=velero-overrides HelmRelease/velero -n ${WORKSPACE_NAMESPACE}
  7. Check the Helm releases to confirm that the new Velero configuration was applied/loaded:

    CODE
    kubectl get helmrelease -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf
  8. Ensure that the Velero pod is running:

    CODE
    kubectl get pods -A --kubeconfig=${CLUSTER_NAME}.conf |grep velero
  9. Create a test backup for GCP:

    CODE
    velero backup create gcp-velero-testbackup -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf --storage-location gcp-backup --snapshot-volumes=false
  10. Please note: if your backup wasn’t created, Velero may have had an issue installing the plugin. If the plugin was not installed, run this command:

    CODE
    velero plugin add velero/velero-plugin-for-gcp:v1.5.0 -n ${WORKSPACE_NAMESPACE}

    And then confirm your backupstoragelocation was configured correctly

    CODE
    kubectl get backupstoragelocations -n ${WORKSPACE_NAMESPACE}

    If your backup storage location is “Available”, repeat step 9 and proceed to the rest of the setup

    CODE
    NAME             PHASE       LAST VALIDATED   AGE   DEFAULT
    gcp-backup       Available   38s              60m   
  11. View your backup:

    CODE
    velero backup describe gcp-velero-testbackup -n ${WORKSPACE_NAMESPACE} --kubeconfig=${CLUSTER_NAME}.conf

Configuring Velero on the Management Cluster

  1. Create the backup storage location via Velero CLI (note that this calls for the BUCKET variable that was used when creating the bucket container in step 1):

    CODE
    velero backup-location create gcp-backup -n kommander \
      --provider gcp \
      --bucket $BUCKET \
      --credential=bsl-credentials=gcp
  2. Verify that the GCP backup location is created:

    BASH
    velero backup-location get -n kommander --kubeconfig=${CLUSTER_NAME}.conf
  3. Output the Kommander configuration to kommander.yaml (or use your existing configuration file)

    CODE
    dkp install kommander -o yaml --init > kommander.yaml
  4. Configure DKP to load the plugins and to include the secret under the apps.velero section:
    NOTE: This process has been tested to work with plugins for AWS v1.1.0 and GCP v1.5.0. Newer versions of these plugins can be used, but have not been tested by D2iQ.

    YAML
    ...
      velero:
        enabled: true
        values: |
          initContainers:
            - name: velero-plugin-for-aws
              image: velero/velero-plugin-for-aws:v1.1.0
              imagePullPolicy: IfNotPresent
              volumeMounts:
                - mountPath: /target
                  name: plugins
            - name: velero-plugin-for-gcp
              image: velero/velero-plugin-for-gcp:v1.5.0
              imagePullPolicy: IfNotPresent
              volumeMounts:
                - mountPath: /target
                  name: plugins
          credentials:
            extraSecretRef: bsl-credentials
    ...
  5. Use the modified kommander.yaml configuration to install this Velero configuration:

    CODE
    dkp install kommander --installer-config kommander.yaml --kubeconfig=${CLUSTER_NAME}.conf
  6. Check the Helm releases to confirm that the new Velero configuration was applied/loaded (this normally takes a few minutes to catch up after running the install command):

    CODE
    kubectl get helmrelease -n kommander --kubeconfig=${CLUSTER_NAME}.conf
  7. Ensure that the Velero pod is running:

    CODE
    kubectl get pods -A --kubeconfig=${CLUSTER_NAME}.conf |grep velero
  8. Create a test backup for GCP:

    CODE
    velero backup create gcp-velero-testbackup -n kommander --kubeconfig=${CLUSTER_NAME}.conf --storage-location gcp-backup --snapshot-volumes=false
  9. Please note: if your backup wasn’t created, Velero may have had an issue installing the plugin. If the plugin was not installed, run this command:

    CODE
    velero plugin add velero/velero-plugin-for-gcp:v1.5.0 -n kommander

    And then confirm your backupstoragelocation was configured correctly

    CODE
    kubectl get backupstoragelocations -n kommander

    If your backup storage location is “Available”, repeat step 8 and proceed to the rest of the setup

    CODE
    NAME             PHASE       LAST VALIDATED   AGE   DEFAULT
    gcp-backup       Available   38s              60m   
  10. View your backup:

    CODE
    velero backup describe gcp-velero-testbackup -n kommander --kubeconfig=${CLUSTER_NAME}.conf
