Velero with Azure Blob Containers - Prepare your Environment
Prerequisites
Ensure you have installed Velero (included in the default DKP installation).
Ensure you have installed the Velero CLI.
Ensure you have installed the Azure CLI.
Ensure you have sufficient access rights to the Azure storage environment and blob container you want to use for backup. For more information about data authorization, see the official Azure blob storage documentation.
Prepare your Environment
Set the BLOB_CONTAINER environment variable to the name of the blob container you created to use as backup storage:
export BLOB_CONTAINER=<Azure-blob-container-name>
Set up a storage account and resource group.
Set the AZURE_BACKUP_RESOURCE_GROUP variable to the name of the resource group you created:
AZURE_BACKUP_RESOURCE_GROUP=<azure-resource-group-name>
Set the AZURE_STORAGE_ACCOUNT_ID variable to the unique identifier of the storage account you want to use for the backup. See https://learn.microsoft.com/en-us/azure/storage/common/storage-account-get-info?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-cli#get-the-resource-id-for-a-storage-account to obtain the ID. The output shows the entire location path of the storage account. You only need the last part, or storage account name, to set the variable:
AZURE_STORAGE_ACCOUNT_ID=<storage-account-name>
Set the AZURE_BACKUP_SUBSCRIPTION_ID variable to the unique identifier of the subscription you want to use for the backup. See https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-list to obtain the ID:
AZURE_BACKUP_SUBSCRIPTION_ID=<azure-subscription-id>
Set the WORKSPACE_NAMESPACE environment variable to the name of the workspace’s namespace. Replace <workspace_namespace> with the name of the target workspace:
export WORKSPACE_NAMESPACE=<workspace_namespace>
This can be the kommander namespace for the Management cluster or any other additional workspace namespace for Attached or Managed clusters. To list all available workspace namespaces, use the kubectl get kommandercluster -A command.
Set the CLUSTER_NAME environment variable. Replace <target_cluster> with the name of the cluster where you want to set up Velero:
export CLUSTER_NAME=<target_cluster>
Prepare your Azure Credentials
See https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-data-operations-portal for more details on authorization.
Create a credentials-velero file with the information required to create a secret. Use the same credentials that you employed when creating the cluster.
These credentials should not be Base64 encoded, because Velero will not read them properly.
Replace the variables in <...> with your environment's information. See your Microsoft Azure account to look up the values.
cat << EOF > ./credentials-velero
AZURE_SUBSCRIPTION_ID=${AZURE_BACKUP_SUBSCRIPTION_ID}
AZURE_TENANT_ID=<AZURE_TENANT_ID>
AZURE_CLIENT_ID=<AZURE_CLIENT_ID>
AZURE_CLIENT_SECRET=<AZURE_CLIENT_SECRET>
AZURE_BACKUP_RESOURCE_GROUP=${AZURE_BACKUP_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
Use the credentials-velero file to create the secret:
kubectl create secret generic -n ${WORKSPACE_NAMESPACE} velero-azure-credentials --from-file=azure=credentials-velero --kubeconfig=${CLUSTER_NAME}.conf
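A pre-flight check for the credentials-velero file, meant to be run before the kubectl create secret step. This is an added example, not part of the DKP or Velero documentation. The function name check_velero_creds is hypothetical, and the owner-only file mode requirement is an assumption of this example, not a rule stated on this page.

```shell
# Added example: validate ./credentials-velero before it is turned into a Secret.
# check_velero_creds is a hypothetical helper name, not a Velero or DKP command.
check_velero_creds() {
  local file="$1" rc=0 key value mode
  local guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }

  # The file holds AZURE_CLIENT_SECRET in clear text: owner-only access expected.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) ;;
    *) echo "mode $mode is too open, run: chmod 600 $file" >&2; rc=1 ;;
  esac

  for key in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID \
             AZURE_CLIENT_SECRET AZURE_BACKUP_RESOURCE_GROUP AZURE_CLOUD_NAME; do
    # A Base64-encoded file has no KEY=value lines, so every key fails here.
    value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
    if [ -z "$value" ]; then
      echo "$key is missing or empty" >&2; rc=1; continue
    fi
    # Catch a <...> placeholder that was never replaced. Values are never printed.
    case "$value" in
      *'<'*'>'*) echo "$key still contains a <...> placeholder" >&2; rc=1; continue ;;
    esac
    # Azure subscription, tenant and client IDs are GUIDs; an encoded value is not.
    case "$key" in
      AZURE_SUBSCRIPTION_ID|AZURE_TENANT_ID|AZURE_CLIENT_ID)
        printf '%s\n' "$value" | grep -Eq "$guid" || { echo "$key is not a GUID" >&2; rc=1; } ;;
    esac
  done
  return "$rc"
}
```

Run it as check_velero_creds ./credentials-velero and continue only when it returns 0. The secret keeps its own copy of the data, so the cluster does not need the local file after the secret is created.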