BestHub
Sign in
Operations 10 min read

How to Install and Use Velero for Kubernetes Backup and Migration

This guide introduces Velero, an open-source Kubernetes backup and migration tool, explains its architecture and workflow, and provides step-by-step instructions for installing the client and server, configuring object storage with MinIO, and managing backups and restores.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
How to Install and Use Velero for Kubernetes Backup and Migration

Velero Overview

Velero is an open‑source backup and migration tool for Kubernetes clusters originally developed by the Heptio team (now part of VMware).

It stores cluster resources in object storage and supports AWS, Azure, and GCP out of the box (all compatible with the S3 protocol). Additional providers can be added via plugins, such as Aliyun OSS.

Velero currently does not provide version management; it only supports incremental restores and does not delete or overwrite existing data.

How Velero Works

Velero creates a set of Custom Resource Definitions (CRDs) and related controllers inside the cluster; backup and restore operations are performed by manipulating these CRD objects. The workflow diagram is shown below.

The Velero client creates a Backup object via the Kubernetes API server.

The BackupController watches for changes to Backup objects and initiates the backup process.

During backup, the controller queries the API server for the required data.

After gathering the data, the controller uploads it to the configured object storage.

Operations topology diagram:

Across all clusters, administrators use the Velero client to send backup and restore requests to the Velero server, which pulls the specified Kubernetes objects. The data is compressed as JSON and stored in the object storage service.

The backup data directory structure looks like this:

Installing Velero

Downloading Files

The binary can be downloaded from GitHub. The example below uses CentOS and Velero 1.6.0.

Download the archive and extract it, then copy the executable to /usr/local/bin:

wget https://github.com/vmware-tanzu/velero/releases/download/v1.6.0/velero-v1.6.0-linux-amd64.tar.gz
tar -zxvf velero-v1.6.0-linux-amd64.tar.gz && cd velero-v1.6.0-linux-amd64/

View the extracted directory structure:

[root@m-master126 velero-v1.6.0-linux-amd64]# tree
.
├── examples
│   ├── minio
│   │   └── 00-minio-deployment.yaml
│   ├── nginx-app
│   │   ├── base.yaml
│   │   ├── README.md
│   │   └── with-pv.yaml
│   └── README.md
├── LICENSE
└── velero

3 directories, 7 files

Configuring Object Storage Service

If you do not have a public cloud object storage service, this guide uses MinIO to provide one. For public clouds, you can skip the MinIO steps and simply create a credentials-velero file.

Set MinIO service to NodePort:

sed -i "/type: /s#ClusterIP#NodePort#" examples/minio/00-minio-deployment.yaml

Create the MinIO service:

kubectl apply -f examples/minio/00-minio-deployment.yaml

Check the service port:

[root@m-master126 velero-v1.6.0-linux-amd64]# kubectl get svc -n velero
NAME   TYPE     CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
minio  NodePort 10.233.11.92   <none>        9000:32304/TCP   60s

The address {minio_service_ip}:32304 will be used by Velero to store backup data. Access it via a browser at http://{NodeIP}:32304 (default credentials: minio/minio123).

Create the MinIO credentials file credentials-velero:

cat <<'EOF' > credentials-velero
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
EOF

Verify the file exists:

[root@m-master126 velero-v1.6.0-linux-amd64]# ls
credentials-velero  examples  LICENSE  velero

Installing the Velero Client

Copy the executable to the system path:

cp velero /usr/local/bin/

Installing the Velero Server

Run the installation command:

velero install \
   --plugins harbor.openserver.cn:443/library/velero/velero-plugin-for-aws:v1.0.0 \
   --provider aws \
   --bucket velero \
   --namespace velero \
   --secret-file ./credentials-velero \
   --velero-pod-cpu-request 200m \
   --velero-pod-mem-request 200Mi \
   --velero-pod-cpu-limit 1000m \
   --velero-pod-mem-limit 1000Mi \
   --use-volume-snapshots=false \
   --use-restic \
   --restic-pod-cpu-request 200m \
   --restic-pod-mem-request 200Mi \
   --restic-pod-cpu-limit 1000m \
   --restic-pod-mem-limit 1000Mi \
   --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://{NodeIp}:32304

Note that --use-restic enables PV backup support. After installation, you can list the created resources:

[root@m-master126 velero-v1.6.0-linux-amd64]# kubectl get crd | grep velero
backups.velero.io
backupstoragelocations.velero.io
deletebackuprequests.velero.io
downloadrequests.velero.io
podvolumebackups.velero.io
podvolumerestores.velero.io
resticrepositories.velero.io
restores.velero.io
schedules.velero.io
serverstatusrequests.velero.io
volumesnapshotlocations.velero.io
[root@m-master126 velero-v1.6.0-linux-amd64]# kubectl get all -n velero
NAME                                 READY   STATUS      RESTARTS   AGE
pod/minio-7b4ff54f67-kx259           1/1     Running     0          14h
pod/minio-setup-mx8d5                0/1     Completed   0          14h
pod/restic-c6hkt                     1/1     Running     0          14h
pod/restic-gfkwq                     1/1     Running     0          14h
pod/restic-j5bjr                     1/1     Running     0          14h
pod/restic-zrkzn                     1/1     Running     0          14h
pod/velero-df6dcd97-6qjj4            1/1     Running     0          14h

NAME               TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
service/minio      NodePort   10.233.11.92   <none>        9000:32304/TCP   14h

NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/restic   4         4         4       4            4           <none>          14h

NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/minio    1/1     1            1           14h
deployment.apps/velero   1/1     1            1           14h

NAME                               DESIRED   CURRENT   READY   AGE
replicaset.apps/minio-7b4ff54f67 1         1         1       14h
replicaset.apps/velero-df6dcd97   1         1         1       14h

NAME                    COMPLETIONS   DURATION   AGE
job.batch/minio-setup    1/1           3s         14h

The services are running, jobs have completed, and many CRDs have been created.

Uninstalling the Velero Server

kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero

Source: https://www.cnblogs.com/zhangmingcheng/p/14836274.html (© original author).

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Cloud NativeKubernetesVelero
MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment