UT CMP - RKE Migration - Backups

The following page is an as-built doc on setting up cluster-wide backups in Velero, in the hopes of using those backups for some sort of cluster migration in the future.

Velero backups should be considered for longer-term backups of Kubernetes resources as well.

Setup

Velero has already been installed from work previously done to back up Harbor: https://cloud.wikis.utexas.edu/wiki/spaces/cws/pages/143689773

To start with, we’ll need a new S3 bucket to store these backups:

aws s3api create-bucket \
  --bucket [CLUSTER_NAME]-k8s-backups \
  --region us-east-1 \
  --profile eis1-cmp-storage-[ENV] \
  --no-cli-pager

IAM Policy:

# The heredoc is unquoted, so ${BUCKET} is expanded by the shell.
# BUCKET must already be set to the bucket created above; if it is empty,
# the S3 resource ARNs below are rendered without a bucket name.
cat > velero-policy.json <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "arn:aws:s3:::${BUCKET}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::${BUCKET}"
      ]
    }
  ]
}
EOF

Add permissions to the previously created velero user to allow it access to this bucket:

aws iam put-user-policy \
  --profile eis1-cmp-storage-[ENV] \
  --region us-east-1 \
  --user-name velero \
  --policy-name cmp-cluster-backups \
  --policy-document file://velero-policy.json

Create a new Velero BackupStorageLocation that uses this bucket:

apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  # name and namespace belong under metadata
  name: aws-[CLUSTER_NAME]-k8s-backups
  namespace: velero
spec:
  accessMode: ReadWrite
  config:
    region: us-east-1
  objectStorage:
    bucket: [S3_BUCKET]
  provider: aws

Backup

To make a backup:

KUBECONFIG=~/.kube/utr-internal-sandbox.yml velero backup create backup-test --storage-location=[VELERO_BACKUP_LOCATION]

This will back up everything in the cluster under the backup name backup-test.

Backup names need to be unique, so let's suffix these with something like a timestamp.
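
One way to generate such a name, as an added example that is not part of the original as-built notes: a Velero Backup is a Kubernetes object, so the name must also be a valid DNS-1123 subdomain, which rules out the ':' and '+' found in ISO 8601 timestamps. The helper names make_backup_name and is_valid_backup_name and the timestamp format are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of Velero or of this cluster's tooling.

# Succeeds only if $1 is a valid Kubernetes object name (DNS-1123 subdomain):
# lowercase alphanumerics, '-' or '.', every dot-separated label starting and
# ending with an alphanumeric, at most 253 characters in total.
is_valid_backup_name() (
    LC_ALL=C   # make a-z mean ASCII lowercase only, whatever the caller's locale
    [ -n "$1" ] && [ "${#1}" -le 253 ] || exit 1
    case $1 in
        *[!a-z0-9.-]*) exit 1 ;;          # uppercase, '_', ':', '+', spaces
        [!a-z0-9]*|*[!a-z0-9]) exit 1 ;;  # must start and end alphanumeric
        *..*|*.-*|*-.*) exit 1 ;;         # empty label, or label edged by '-'
    esac
    exit 0
)

# Prints "<prefix>-YYYYMMDD-HHMMSS" (UTC) or fails if the result is not valid.
# Resolution is one second: two calls in the same second yield the same name.
make_backup_name() {
    prefix=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    stamp=$(date -u +%Y%m%d-%H%M%S)
    candidate="${prefix}-${stamp}"
    if ! is_valid_backup_name "$candidate"; then
        echo "invalid backup name: $candidate" >&2
        return 1
    fi
    printf '%s\n' "$candidate"
}

# Usage with the page's own backup command:
#   velero backup create "$(make_backup_name backup-test)" \
#     --storage-location=[VELERO_BACKUP_LOCATION]
```
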