Prepare your Cluster for Backup - AWS
This section describes how to prepare your cluster on an AWS environment, so it can be backed up before you begin with Platform Expansion: Convert a DKP Essential Cluster to a DKP Enterprise Managed Cluster.
Prerequisites
Ensure Velero is installed on your Essential cluster
Install the Velero CLI (Use at least Velero CLI version 1.10.1)
Ensure kubectl is installed
Ensure you have admin rights to the DKP Essential cluster
Prepare your Cluster
Run the following commands in the DKP Essential cluster. For general guidelines on how to set the context, refer to Provide Context for Commands with a kubeconfig File.
Prepare Velero
Enable the CSI snapshotting plug-in by providing a custom configuration of Velero.
Create an Override with the custom configuration:
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: velero-overrides
  namespace: kommander
data:
  values.yaml: |
    ---
    configuration:
      features: EnableCSI
    initContainers:
      - name: velero-plugin-for-aws
        image: velero/velero-plugin-for-aws:v1.5.2
        imagePullPolicy: IfNotPresent
        volumeMounts:
          - mountPath: /target
            name: plugins
      - name: velero-plugin-for-csi
        image: velero/velero-plugin-for-csi:v0.4.2
        imagePullPolicy: IfNotPresent
        volumeMounts:
          - mountPath: /target
            name: plugins
EOF
Update the AppDeployment to apply the new configuration:
cat << EOF | kubectl -n kommander patch appdeployment velero --type='merge' --patch-file=/dev/stdin
spec:
  configOverrides:
    name: velero-overrides
EOF
Verify the configuration has been updated before proceeding with the next section:
kubectl -n kommander wait --for=condition=Ready kustomization velero
The output should look similar to this:
kustomization.kustomize.toolkit.fluxcd.io/velero condition met
Prepare the AWS IAM Permission
When creating a cluster on AWS, you provided an additional permission as specified in https://docs.d2iq.com/dkp/2.4/iam-artifacts.
For the CSI plugin to function correctly, you must update the existing IAM role to include an additional policy.
Add the AmazonEBSCSIDriverPolicy policy to the control plane role control-plane.cluster-api-provider-aws.sigs.k8s.io:
aws iam attach-role-policy \
--role-name control-plane.cluster-api-provider-aws.sigs.k8s.io \
--policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
This gives the EBS CSI driver, a volume manager, the permissions it needs to create volume snapshots.
The default control plane role name is control-plane.cluster-api-provider-aws.sigs.k8s.io. If you customized this name when creating the AWS cluster, replace the default control plane role with the name you assigned to it.
Prepare the CSI Configuration
Configure a VolumeSnapshotClass object on the cluster, so Velero can create a volume snapshot:
cat << EOF | kubectl apply -f -
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  name: aws
  labels:
    velero.io/csi-volumesnapshot-class: "true"
driver: ebs.csi.aws.com
deletionPolicy: Delete
parameters:
EOF
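The preparation steps above can be confirmed with read-only queries before starting the conversion. The following script is an added example, not part of the D2iQ documentation: it checks the Velero CLI version, the policy attachment on the control plane role, and the labelled VolumeSnapshotClass. The function names (version_ge, contains, preflight), the ROLE variable and the --live switch are names chosen for this example.

```shell
#!/bin/sh
# Added example: read-only checks for the preparation steps on this page.
ROLE="${ROLE:-control-plane.cluster-api-provider-aws.sigs.k8s.io}"  # page default
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
MIN_VELERO="1.10.1"

# version_ge A B: succeeds when A >= B, compared field by field as numbers,
# so v1.9.3 is correctly older than 1.10.1 (a string comparison gets this wrong).
version_ge() {
  a="${1#v}.0.0"; b="${2#v}.0.0"   # padding guarantees three dotted fields
  for i in 1 2 3; do
    x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x%%[!0-9]*}
    y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y%%[!0-9]*}
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
  return 0
}

# contains LIST WORD: succeeds when WORD is an exact item of the
# whitespace-separated LIST (no substring matches).
contains() {
  for item in $1; do
    [ "$item" = "$2" ] && return 0
  done
  return 1
}

# preflight: query the live tools and report every failed check.
preflight() {
  rc=0
  v=$(velero version --client-only | awk '/Version:/ {print $2; exit}')
  version_ge "$v" "$MIN_VELERO" || { echo "FAIL: Velero CLI '$v' < $MIN_VELERO"; rc=1; }
  arns=$(aws iam list-attached-role-policies --role-name "$ROLE" \
    --query 'AttachedPolicies[].PolicyArn' --output text)
  contains "$arns" "$POLICY_ARN" || { echo "FAIL: $POLICY_ARN not on $ROLE"; rc=1; }
  drivers=$(kubectl get volumesnapshotclass \
    -l velero.io/csi-volumesnapshot-class=true -o jsonpath='{.items[*].driver}')
  contains "$drivers" "ebs.csi.aws.com" || { echo "FAIL: no labelled EBS VolumeSnapshotClass"; rc=1; }
  return "$rc"
}

# Run the live checks only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it with --live against the DKP Essential cluster context; set ROLE first if you customized the control plane role name.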