top of page

Velero - installation (part 2)

Jakub Witkowski
Sep 20, 20232 min read

Updated: Sep 20, 2023

Installation

Velero could be installed via Velero cli command (Velero Docs - Basic Install ) or via helm chart (VMware Tanzu Helm Repository)

Provided configuration snippet is used with the Velero helm chart (version 3.2.0).

Setup consist of:

  • file system backup mode with Restic option

  • local (cluster-1) and remote cluster (cluster-2)

  • Minio object storage with buckets (velero-cluster-1 and velero-cluster-2)

  • existing K8s secret contain Minio credentials to avoid store them in Git repository (comment contain format of supported syntax)

configuration:
  provider: aws
  backupStorageLocation:  
    bucket: velero-cluster-1
    name: cluster-1
    default: true
    config:
      region: minio
      s3ForcePathStyle: true
      s3Url: http://minio-url

initContainers:
- name: velero-plugin-for-aws
  image: velero/velero-plugin-for-aws:v1.7.0
  imagePullPolicy: IfNotPresent
  volumeMounts:
    - mountPath: /target
      name: plugins

deployNodeAgent: true

resources:
  requests:
    cpu: 125m
    memory: 128Mi
  limits:
    cpu: 1000m
    memory: 512Mi

metrics:
  enabled: true

backupsEnabled: true
snapshotsEnabled: false

credentials:
  useSecret: true
  name: cloud-credentials
  existingSecret: cloud-credentials
  #secretContents:
  #  cloud: |
  #    [default]
  #    aws_access_key_id=minio
  #    aws_secret_access_key=miniostorage

extraObjects:
- apiVersion: velero.io/v1
  kind: BackupStorageLocation
  metadata:
    name: cluster-2
    namespace: velero
  spec:
    accessMode: ReadOnly
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: http://minio-url
    default: false
    objectStorage:
      bucket: velero-cluster-2
    provider: aws

ArgoCD configuration notes

When backup is created via Schedule object (Velero Docs - Schedule API Type ) default configuration (useOwnerReferencesInBackup: false) make Backup objects visible in ArgoCD UI directly under ArgoCD main application and not under Schedule object because default configuration don’t set ownerReference in Backup object which is used by ArgoCD to graph apps and objects tree in UI.

Set value useOwnerReferencesInBackup: true has a really serious side effect that removal of Schedule object also leads to delete all backups with all related data created from this schedule.

To solve this problem the most recommended way is to ignore Velero K8s Backup objects in ArgoCD configuration. Solution is not perfect because in ArgoCD all Backup objects won't be visible at all but with a large number of backups overview of objects won’t be useful anyway.

Following configuration snippets is prepared for ArgoCD helm chart values:

configs:
  cm:
    resource.exclusions: |
      - apiGroups:
        - 'velero.io'
        kinds:
        - 'Backup'
        clusters:
        - '*'

bottom of page