Kubernetes Backup and Disaster Recovery

Overview of Kubernetes

Why (Necessity is the mother of invention)

How To Do (Approaching Kubernetes backup)

What to do (Velero by VMware)

We will use the Istio bookinfo microservice example as our product services.

kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

Make sure you are authenticated to Google Cloud and that the relevant project is selected in the gcloud CLI.

# Creating bucket
BUCKET=<YOUR_BUCKET>

gsutil mb gs://$BUCKET/
# View config list and copy project name
gcloud config list

# Store the project value from the results in the environment variable $PROJECT_ID.
PROJECT_ID=$(gcloud config get-value project)

# Create a service account:
gcloud iam service-accounts create velero \
--display-name "Velero service account"

# Set the $SERVICE_ACCOUNT_EMAIL variable to match its email value.
SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
--filter="displayName:Velero service account" \
--format 'value(email)')

Attach policies to give Velero the necessary permissions to function:

# Our permissions
ROLE_PERMISSIONS=(
compute.zones.get
)

# Creating a role with those permissions
gcloud iam roles create velero.server \
--project $PROJECT_ID \
--title "Velero Server" \
--permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"

# Creating IAM policy for our account that uses the role we just created
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
--role projects/$PROJECT_ID/roles/velero.server

# Giving access to our bucket
gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}

# Create a service account key, specifying an output file (credentials-velero) in your local directory. Store it somewhere safe.
gcloud iam service-accounts keys create credentials-velero \
--iam-account $SERVICE_ACCOUNT_EMAIL

# Install velero on server
velero install \
--provider gcp \
--plugins velero/velero-plugin-for-gcp:v1.1.0 \
--bucket $BUCKET \
--secret-file ./credentials-velero
velero schedule create daily-backup --schedule "0 7 * * *"
# Update your backup storage location to read-only mode (this prevents backup objects from being created or deleted in the backup storage location during the restore process):

# Get storage location name and copy the Name value.
velero backup-location get

# Set the storage location access mode to read-only
kubectl patch backupstoragelocation <STORAGE LOCATION NAME> \
--namespace velero \
--type merge \
--patch '{"spec":{"accessMode":"ReadOnly"}}'
# Create a restore from the latest successful backup triggered by schedule "daily-backup"

velero restore create --from-schedule daily-backup

# Once the restore job is created, use the following command to monitor progress
velero restore describe <Restore-Object-Name>

# Patching backup location access to allow read/write access
kubectl patch backupstoragelocation <STORAGE LOCATION NAME> \
--namespace velero \
--type merge \
--patch '{"spec":{"accessMode":"ReadWrite"}}'
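
If the restore fails or is interrupted between the two patch commands above, the location stays read-only and the daily-backup schedule cannot write new backups. The script below is an added example, not part of the original article, that wraps the same commands so the location is always switched back and then verified; the function names, the NAMESPACE variable and the script name are assumptions, and it relies on the --wait flag of velero restore create.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, NAMESPACE and
# the script name guarded-restore.sh are assumptions made for illustration.
NAMESPACE=${NAMESPACE:-velero}

# Patch the access mode of a backup storage location (same patch as above).
set_access_mode() {
    kubectl patch backupstoragelocation "$1" \
        --namespace "$NAMESPACE" \
        --type merge \
        --patch "{\"spec\":{\"accessMode\":\"$2\"}}"
}

# Read back the access mode actually stored on the object.
get_access_mode() {
    kubectl get backupstoragelocation "$1" \
        --namespace "$NAMESPACE" \
        -o jsonpath='{.spec.accessMode}'
}

# Restore from the newest backup of a schedule while the location is read-only.
# The EXIT trap in the subshell switches the location back to ReadWrite even
# when the restore command fails or the subshell is interrupted.
guarded_restore() {
    bsl=$1
    schedule=$2
    set_access_mode "$bsl" ReadOnly || return 1
    rc=0
    (
        trap 'set_access_mode "$bsl" ReadWrite' EXIT
        trap 'exit 130' INT TERM
        # --wait blocks until the restore has finished, so the location
        # stays read-only for the whole restore.
        velero restore create --from-schedule "$schedule" --wait
    ) || rc=$?
    mode=$(get_access_mode "$bsl")
    if [ "$mode" != "ReadWrite" ]; then
        echo "WARNING: $bsl is still '$mode'; scheduled backups will not run" >&2
        return 2
    fi
    return "$rc"
}

# Runs only with two arguments: ./guarded-restore.sh <STORAGE LOCATION NAME> daily-backup
if [ "$#" -eq 2 ]; then
    guarded_restore "$1" "$2"
fi
```

A return code of 2 means the location could not be confirmed as ReadWrite and needs manual attention before the next scheduled backup.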
# Creating a backup
velero backup create my-backup-1

# Getting a list of backups available
velero backup get
# Creating a restore job from backup name.
velero restore create --from-backup my-backup-1





Bikes, Tea, Sunset, IndieMusic in that order. Software Engineer who fell in love with cloud-native infrastructure.
