vmware-tanzu
/
velero
mirror of https://github.com/vmware-tanzu/velero.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1376 from nrb/install-docs 

Document install command
pull/1397/head
Steve Kriss 2019-04-24 12:12:57 -06:00 committed by GitHub
parent e9c131df71 9cd2862c8e
commit db9f8e16d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 123 additions and 806 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
docs/aws-config.md
View File

@ -5,14 +5,17 @@ To set up Velero on AWS, you:
* Download an official release of Velero * Download an official release of Velero
* Create your S3 bucket * Create your S3 bucket
* Create an AWS IAM user for Velero * Create an AWS IAM user for Velero
* Configure the server * Install the server
* Create a Secret for your credentials
If you do not have the `aws` CLI locally installed, follow the [user guide][5] to set it up. If you do not have the `aws` CLI locally installed, follow the [user guide][5] to set it up.
## Download Velero ## Download Velero
1. Download the [latest release's](https://github.com/heptio/velero/releases) tarball for your client platform. 1. Download the [latest official release's](https://github.com/heptio/velero/releases) tarball for your client platform.
_We strongly recommend that you use an [official release](https://github.com/heptio/velero/releases) of
Velero. The tarballs for each release contain the `velero` command-line client. The code in the master branch
of the Velero repository is under active development and is not guaranteed to be stable!_
1. Extract the tarball: 1. Extract the tarball:
```bash ```bash
@ -22,25 +25,23 @@ If you do not have the `aws` CLI locally installed, follow the [user guide][5] t
1. Move the `velero` binary from the Velero directory to somewhere in your PATH. 1. Move the `velero` binary from the Velero directory to somewhere in your PATH.
_We strongly recommend that you use an [official release](https://github.com/heptio/velero/releases) of Velero. The tarballs for each release contain the
`velero` command-line client **and** version-specific sample YAML files for deploying Velero to your cluster. The code and sample YAML files in the master
branch of the Velero repository are under active development and are not guaranteed to be stable. Use them at your own risk!_
## Create S3 bucket ## Create S3 bucket
Velero requires an object storage bucket to store backups in, preferrably unique to a single Kubernetes cluster (see the [FAQ][20] for more details). Create an S3 bucket, replacing placeholders appropriately: Velero requires an object storage bucket to store backups in, preferrably unique to a single Kubernetes cluster (see the [FAQ][20] for more details). Create an S3 bucket, replacing placeholders appropriately:
```bash ```bash
BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>
aws s3api create-bucket \ aws s3api create-bucket \
--bucket <YOUR_BUCKET> \ --bucket $BUCKET \
--region <YOUR_REGION> \ --region $REGION \
--create-bucket-configuration LocationConstraint=<YOUR_REGION> --create-bucket-configuration LocationConstraint=$REGION
``` ```
NOTE: us-east-1 does not support a `LocationConstraint`. If your region is `us-east-1`, omit the bucket configuration: NOTE: us-east-1 does not support a `LocationConstraint`. If your region is `us-east-1`, omit the bucket configuration:
```bash ```bash
aws s3api create-bucket \ aws s3api create-bucket \
--bucket <YOUR_BUCKET> \ --bucket $BUCKET \
--region us-east-1 --region us-east-1
``` ```
@ -59,7 +60,6 @@ For more information, see [the AWS documentation on IAM users][14].
2. Attach policies to give `velero` the necessary permissions: 2. Attach policies to give `velero` the necessary permissions:
```bash ```bash
BUCKET=<YOUR_BUCKET>
cat > velero-policy.json <<EOF cat > velero-policy.json <<EOF
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
@ -138,43 +138,31 @@ For more information, see [the AWS documentation on IAM users][14].
where the access key id and secret are the values returned from the `create-access-key` request. where the access key id and secret are the values returned from the `create-access-key` request.
## Credentials and configuration
In the Velero directory (i.e. where you extracted the release tarball), run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0]. ## Install and start Velero
Install Velero, including all prerequisites, into the cluster and start the deployment. This will create a namespace called `velero`, and place a deployment named `velero` in it.
```bash ```bash
kubectl apply -f config/common/00-prereqs.yaml velero install \
--provider aws \
--bucket $BUCKET \
--secret-file ./credentials-velero
--backup-location-config region=$REGION \
--snapshot-location-config region=$REGION \
--secret-file ./credentials-velero
``` ```
Create a Secret. In the directory of the credentials file you just created, run: Additionally, you can specify `--use-restic` to enable restic support, and `--wait` to wait for the deployment to be ready.
```bash For more complex installation needs, use either the Helm chart, or add `--dry-run -o yaml` options for generating the YAML representation for the installation.
kubectl create secret generic cloud-credentials \
--namespace <VELERO_NAMESPACE> \
--from-file cloud=credentials-velero
```
Specify the following values in the example files:
* In `config/aws/05-backupstoragelocation.yaml`: ## Setting AWS_CLUSTER_NAME (Optional)
* Replace `<YOUR_BUCKET>` and `<YOUR_REGION>` (for S3 backup storage, region is optional and will be queried from the AWS S3 API if not provided). See the [BackupStorageLocation definition][21] for details. * If you have multiple clusters and you want to support migration of resources between them, you can use `kubectl edit deploy/velero -n velero` to edit your deployment:
* In `config/aws/06-volumesnapshotlocation.yaml`: * Add the environment variable `AWS_CLUSTER_NAME` under `spec.template.spec.env`, with the current cluster's name. When restoring backup, it will make Velero (and cluster it's running on) claim ownership of AWS volumes created from snapshots taken on different cluster.
* Replace `<YOUR_REGION>`. See the [VolumeSnapshotLocation definition][6] for details.
* (Optional, use only to specify multiple volume snapshot locations) In `config/aws/10-deployment.yaml` (or `config/aws/10-deployment-kube2iam.yaml`, as appropriate):
* Uncomment the `--default-volume-snapshot-locations` and replace provider locations with the values for your environment.
* (Optional) If you run the nginx example, in file `config/nginx-app/with-pv.yaml`:
* Replace `<YOUR_STORAGE_CLASS_NAME>` with `gp2`. This is AWS's default `StorageClass` name.
* (Optional) If you have multiple clusters and you want to support migration of resources between them, in file `config/aws/10-deployment.yaml`:
* Uncomment the environment variable `AWS_CLUSTER_NAME` and replace `<YOUR_CLUSTER_NAME>` with the current cluster's name. When restoring backup, it will make Velero (and cluster it's running on) claim ownership of AWS volumes created from snapshots taken on different cluster.
The best way to get the current cluster's name is to either check it with used deployment tool or to read it directly from the EC2 instances tags. The best way to get the current cluster's name is to either check it with used deployment tool or to read it directly from the EC2 instances tags.
The following listing shows how to get the cluster's nodes EC2 Tags. First, get the nodes external IDs (EC2 IDs): The following listing shows how to get the cluster's nodes EC2 Tags. First, get the nodes external IDs (EC2 IDs):
@ -197,16 +185,6 @@ Specify the following values in the example files:
aws ec2 describe-tags --filters "Name=resource-id,Values=<ID>" "Name=key,Values=KubernetesCluster" aws ec2 describe-tags --filters "Name=resource-id,Values=<ID>" "Name=key,Values=KubernetesCluster"
``` ```
## Start the server
In the root of your Velero directory, run:
```bash
kubectl apply -f config/aws/05-backupstoragelocation.yaml
kubectl apply -f config/aws/06-volumesnapshotlocation.yaml
kubectl apply -f config/aws/10-deployment.yaml
```
## ALTERNATIVE: Setup permissions using kube2iam ## ALTERNATIVE: Setup permissions using kube2iam
[Kube2iam](https://github.com/jtblin/kube2iam) is a Kubernetes application that allows managing AWS IAM permissions for pod via annotations rather than operating on API keys. [Kube2iam](https://github.com/jtblin/kube2iam) is a Kubernetes application that allows managing AWS IAM permissions for pod via annotations rather than operating on API keys.
@ -298,7 +276,7 @@ It can be set up for Velero by creating a role that will have required permissio
--policy-name velero-policy \ --policy-name velero-policy \
--policy-document file://./velero-policy.json --policy-document file://./velero-policy.json
``` ```
4. Update `AWS_ACCOUNT_ID` & `VELERO_ROLE_NAME` in the file `config/aws/10-deployment-kube2iam.yaml`: 4. Update `AWS_ACCOUNT_ID` & `VELERO_ROLE_NAME` with `kubectl edit deploy/velero -n velero` and add the following annotation:
``` ```
--- ---
@ -318,7 +296,11 @@ It can be set up for Velero by creating a role that will have required permissio
... ...
``` ```
5. Run Velero deployment using the file `config/aws/10-deployment-kube2iam.yaml`. ## Installing the nginx example (optional)
If you run the nginx example, in file `config/nginx-app/with-pv.yaml`:
* Replace `<YOUR_STORAGE_CLASS_NAME>` with `gp2`. This is AWS's default `StorageClass` name.
[0]: namespace.md [0]: namespace.md
[5]: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html [5]: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html

67
docs/azure-config.md
View File

@ -5,8 +5,7 @@ To configure Velero on Azure, you:
* Download an official release of Velero * Download an official release of Velero
* Create your Azure storage account and blob container * Create your Azure storage account and blob container
* Create Azure service principal for Velero * Create Azure service principal for Velero
* Configure the server * Install the server
* Create a Secret for your credentials
If you do not have the `az` Azure CLI 2.0 installed locally, follow the [install guide][18] to set it up. If you do not have the `az` Azure CLI 2.0 installed locally, follow the [install guide][18] to set it up.
@ -23,7 +22,11 @@ consider using Premium Managed Disks, which are SSD backed.
## Download Velero ## Download Velero
1. Download the [latest release's](https://github.com/heptio/velero/releases) tarball for your client platform. 1. Download the [latest official release's](https://github.com/heptio/velero/releases) tarball for your client platform.
_We strongly recommend that you use an [official release](https://github.com/heptio/velero/releases) of
Velero. The tarballs for each release contain the `velero` command-line client. The code in the master branch
of the Velero repository is under active development and is not guaranteed to be stable!_
1. Extract the tarball: 1. Extract the tarball:
```bash ```bash
@ -33,10 +36,6 @@ consider using Premium Managed Disks, which are SSD backed.
1. Move the `velero` binary from the Velero directory to somewhere in your PATH. 1. Move the `velero` binary from the Velero directory to somewhere in your PATH.
_We strongly recommend that you use an [official release](https://github.com/heptio/velero/releases) of Velero. The tarballs for each release contain the
`velero` command-line client **and** version-specific sample YAML files for deploying Velero to your cluster. The code and sample YAML files in the master
branch of the Velero repository are under active development and are not guaranteed to be stable. Use them at your own risk!_
## Create Azure storage account and blob container ## Create Azure storage account and blob container
Velero requires a storage account and blob container in which to store backups. Velero requires a storage account and blob container in which to store backups.
@ -71,7 +70,8 @@ az storage account create \
Create the blob container named `velero`. Feel free to use a different name, preferably unique to a single Kubernetes cluster. See the [FAQ][20] for more details. Create the blob container named `velero`. Feel free to use a different name, preferably unique to a single Kubernetes cluster. See the [FAQ][20] for more details.
```bash ```bash
az storage container create -n velero --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID BLOB_CONTAINER=velero
az storage container create -n $BLOB_CONTAINER --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID
``` ```
## Get resource group for persistent volume snapshots ## Get resource group for persistent volume snapshots
@ -120,47 +120,40 @@ To integrate Velero with Azure, you must create an Velero-specific [service prin
AZURE_CLIENT_ID=`az ad sp list --display-name "velero" --query '[0].appId' -o tsv` AZURE_CLIENT_ID=`az ad sp list --display-name "velero" --query '[0].appId' -o tsv`
``` ```
## Credentials and configuration Now you need to create a file that contains all the environment variables you just set. The command looks like the following:
In the Velero directory (i.e. where you extracted the release tarball), run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML file to specify the namespace. See [Run in custom namespace][0].
```bash ```bash
kubectl apply -f config/common/00-prereqs.yaml cat << EOF > ./credentials-velero
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
EOF
``` ```
Now you need to create a Secret that contains all the environment variables you just set. The command looks like the following: ## Install and start Velero
Install Velero, including all prerequisites, into the cluster and start the deployment. This will create a namespace called `velero`, and place a deployment named `velero` in it.
```bash ```bash
kubectl create secret generic cloud-credentials \ velero install \
--namespace <VELERO_NAMESPACE> \ --provider azure \
--from-literal AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} \ --bucket $BLOB_CONTAINER \
--from-literal AZURE_TENANT_ID=${AZURE_TENANT_ID} \ --secret-file ./credentials-velero \
--from-literal AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \ --backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID \
--from-literal AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \ --snapshot-location-config apiTimeout=<YOUR_TIMEOUT>
--from-literal AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
``` ```
Now that you have your Azure credentials stored in a Secret, you need to replace some placeholder values in the template files. Specifically, you need to change the following: Additionally, you can specify `--use-restic` to enable restic support, and `--wait` to wait for the deployment to be ready.
* In file `config/azure/05-backupstoragelocation.yaml`: For more complex installation needs, use either the Helm chart, or add `--dry-run -o yaml` options for generating the YAML representation for the installation.
* Replace `<YOUR_BLOB_CONTAINER>`, `<YOUR_STORAGE_RESOURCE_GROUP>`, and `<YOUR_STORAGE_ACCOUNT>`. See the [BackupStorageLocation definition][21] for details. ## Installing the nginx example (optional)
* In file `config/azure/06-volumesnapshotlocation.yaml`: If you run the nginx example, in file `config/nginx-app/with-pv.yaml`:
* Replace `<YOUR_TIMEOUT>`. See the [VolumeSnapshotLocation definition][8] for details. * Replace `<YOUR_STORAGE_CLASS_NAME>` with `default`. This is Azure's default `StorageClass` name.
* (Optional, use only if you need to specify multiple volume snapshot locations) In `config/azure/00-deployment.yaml`:
* Uncomment the `--default-volume-snapshot-locations` and replace provider locations with the values for your environment.
## Start the server
In the root of your Velero directory, run:
```bash
kubectl apply -f config/azure/
```
[0]: namespace.md [0]: namespace.md
[8]: api-types/volumesnapshotlocation.md#azure [8]: api-types/volumesnapshotlocation.md#azure

57
docs/gcp-config.md
View File

@ -9,7 +9,11 @@ If you do not have the `gcloud` and `gsutil` CLIs locally installed, follow the
## Download Velero ## Download Velero
1. Download the [latest release's](https://github.com/heptio/velero/releases) tarball for your client platform. 1. Download the [latest official release's](https://github.com/heptio/velero/releases) tarball for your client platform.
_We strongly recommend that you use an [official release](https://github.com/heptio/velero/releases) of
Velero. The tarballs for each release contain the `velero` command-line client. The code in the master branch
of the Velero repository is under active development and is not guaranteed to be stable!_
1. Extract the tarball: 1. Extract the tarball:
```bash ```bash
@ -19,10 +23,6 @@ If you do not have the `gcloud` and `gsutil` CLIs locally installed, follow the
1. Move the `velero` binary from the Velero directory to somewhere in your PATH. 1. Move the `velero` binary from the Velero directory to somewhere in your PATH.
_We strongly recommend that you use an [official release](https://github.com/heptio/velero/releases) of Velero. The tarballs for each release contain the
`velero` command-line client **and** version-specific sample YAML files for deploying Velero to your cluster. The code and sample YAML files in the master
branch of the Velero repository are under active development and are not guaranteed to be stable. Use them at your own risk!_
## Create GCS bucket ## Create GCS bucket
Velero requires an object storage bucket in which to store backups, preferably unique to a single Kubernetes cluster (see the [FAQ][20] for more details). Create a GCS bucket, replacing the <YOUR_BUCKET> placeholder with the name of your bucket: Velero requires an object storage bucket in which to store backups, preferably unique to a single Kubernetes cluster (see the [FAQ][20] for more details). Create a GCS bucket, replacing the <YOUR_BUCKET> placeholder with the name of your bucket:
@ -110,49 +110,30 @@ To integrate Velero with GCP, create an Velero-specific [Service Account][15]:
If you run Google Kubernetes Engine (GKE), make sure that your current IAM user is a cluster-admin. This role is required to create RBAC objects. If you run Google Kubernetes Engine (GKE), make sure that your current IAM user is a cluster-admin. This role is required to create RBAC objects.
See [the GKE documentation][22] for more information. See [the GKE documentation][22] for more information.
In the Velero directory (i.e. where you extracted the release tarball), run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See [Run in custom namespace][0].
## Install and start Velero
Install Velero, including all prerequisites, into the cluster and start the deployment. This will create a namespace called `velero`, and place a deployment named `velero` in it.
```bash ```bash
kubectl apply -f config/common/00-prereqs.yaml velero install \
--provider gcp \
--bucket $BUCKET \
--secret-file ./credentials-velero
``` ```
Create a Secret. In the directory of the credentials file you just created, run: Additionally, you can specify `--use-restic` to enable restic support, and `--wait` to wait for the deployment to be ready.
```bash (Optional) Specify `--snapshot-location-config snapshotLocation=<YOUR_LOCATION>` to keep snapshots in a specific availability zone. See the [VolumeSnapshotLocation definition][8] for details.
kubectl create secret generic cloud-credentials \
--namespace velero \
--from-file cloud=credentials-velero
```
**Note: If you use a custom namespace, replace `velero` with the name of the custom namespace** For more complex installation needs, use either the Helm chart, or add `--dry-run -o yaml` options for generating the YAML representation for the installation.
Specify the following values in the example files: ## Installing the nginx example (optional)
* In file `config/gcp/05-backupstoragelocation.yaml`: If you run the nginx example, in file `config/nginx-app/with-pv.yaml`:
* Replace `<YOUR_BUCKET>`. See the [BackupStorageLocation definition][7] for details.
* (Optional) If you run the nginx example, in file `config/nginx-app/with-pv.yaml`:
* Replace `<YOUR_STORAGE_CLASS_NAME>` with `standard`. This is GCP's default `StorageClass` name. * Replace `<YOUR_STORAGE_CLASS_NAME>` with `standard`. This is GCP's default `StorageClass` name.
* (Optional, use only if you need to specify multiple volume snapshot locations) In `config/gcp/10-deployment.yaml`:
* Uncomment the `--default-volume-snapshot-locations` and replace provider locations with the values for your environment.
* (Optional) In file `config/gcp/06-volumesnapshotlocation.yaml`:
* Add `snapshotLocation: <YOUR_LOCATION>` to the config. See the [VolumeSnapshotLocation definition][8] for details.
## Start the server
In the root of your Velero directory, run:
```bash
kubectl apply -f config/gcp/05-backupstoragelocation.yaml
kubectl apply -f config/gcp/06-volumesnapshotlocation.yaml
kubectl apply -f config/gcp/10-deployment.yaml
```
[0]: namespace.md [0]: namespace.md
[7]: api-types/backupstoragelocation.md#gcp [7]: api-types/backupstoragelocation.md#gcp
@ -160,5 +141,5 @@ In the root of your Velero directory, run:
[15]: https://cloud.google.com/compute/docs/access/service-accounts [15]: https://cloud.google.com/compute/docs/access/service-accounts
[16]: https://cloud.google.com/sdk/docs/ [16]: https://cloud.google.com/sdk/docs/
[20]: faq.md [20]: faq.md
[22]: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#prerequisites_for_using_role-based_access_control [22]: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#iam-rolebinding-bootstrap

18
docs/install-overview.md
View File

@ -14,13 +14,29 @@ For details, see the documentation topics for individual cloud providers.
## Cloud provider ## Cloud provider
The Velero repository includes a set of example YAML files that specify the settings for each supported cloud provider. For provider-specific instructions, see: The Velero client includes an `install` command to specify the settings for each supported cloud provider. You can install Velero for the included cloud providers using the following command:
```bash
velero install \
--provider <YOUR_PROVIDER> \
--bucket <YOUR_BUCKET> \
--secret-file <PATH_TO_FILE> \
[--backup-location-config]
[--snapshot-location-config]
[--namespace]
```
For provider-specific instructions, see:
* [Run Velero on AWS][0] * [Run Velero on AWS][0]
* [Run Velero on GCP][1] * [Run Velero on GCP][1]
* [Run Velero on Azure][2] * [Run Velero on Azure][2]
* [Use IBM Cloud Object Store as Velero's storage destination][4] * [Use IBM Cloud Object Store as Velero's storage destination][4]
To see the YAML applied by the `velero install` command, use the `--dry-run -o yaml` arguments.
For more complex installation needs, use either the generated YAML, or the Helm chart.
## On-premises ## On-premises
You can run Velero in an on-premises cluster in different ways depending on your requirements. You can run Velero in an on-premises cluster in different ways depending on your requirements.

63
docs/namespace.md
View File

@ -1,72 +1,23 @@
# Run in custom namespace # Run in custom namespace
In Velero version 0.7.0 and later, you can run Velero in any namespace. To do so, you specify the In Velero version 0.7.0 and later, you can run Velero in any namespace.
namespace in the YAML files that configure the Velero server. You then also specify the namespace when
you run Velero client commands.
## Edit the example files
The Velero release tarballs include a set of example configs that you can use to set up your Velero server. The
examples place the server and backup/schedule/restore/etc. data in the `velero` namespace.
To run the server in another namespace, you edit the relevant files, changing `velero` to
your desired namespace.
To store your backups, schedules, restores, and config in another namespace, you edit the relevant
files, changing `velero` to your desired namespace. You also need to create the
`cloud-credentials` secret in your desired namespace.
First, ensure you've [downloaded & extracted the latest release][0]. First, ensure you've [downloaded & extracted the latest release][0].
For all cloud providers, edit `config/common/00-prereqs.yaml`. This file defines: Then, install Velero using the `--namespace` flag:
* CustomResourceDefinitions for the Velero objects (backups, schedules, restores, downloadrequests, etc.) ```bash
* The namespace where the Velero server runs velero install --bucket <YOUR_BUCKET> --provider <YOUR_PROVIDER> --namespace <YOUR_NAMESPACE>
* The namespace where backups, schedules, restores, etc. are stored ```
* The Velero service account
* The RBAC rules to grant permissions to the Velero service account
### AWS
For AWS, edit:
* `config/aws/05-backupstoragelocation.yaml`
* `config/aws/06-volumesnapshotlocation.yaml`
* `config/aws/10-deployment.yaml`
### Azure
For Azure, edit:
* `config/azure/00-deployment.yaml`
* `config/azure/05-backupstoragelocation.yaml`
* `config/azure/06-volumesnapshotlocation.yaml`
### GCP
For GCP, edit:
* `config/gcp/05-backupstoragelocation.yaml`
* `config/gcp/06-volumesnapshotlocation.yaml`
* `config/gcp/10-deployment.yaml`
### IBM
For IBM, edit:
* `config/ibm/05-backupstoragelocation.yaml`
* `config/ibm/10-deployment.yaml`
## Specify the namespace in client commands ## Specify the namespace in client commands
To specify the namespace for all Velero client commands, run: To specify the namespace for all Velero client commands, run:
``` ```bash
velero client config set namespace=<NAMESPACE_VALUE> velero client config set namespace=<NAMESPACE_VALUE>
``` ```

27
docs/restic.md
View File

@ -23,43 +23,29 @@ cross-volume-type data migrations. Stay tuned as this evolves!
### Prerequisites ### Prerequisites
- A working install of Velero version 0.10.0 or later. See [Set up Velero][2]
- A local clone of [the latest release tag of the Velero repository][3]
- Velero's restic integration requires the Kubernetes [MountPropagation feature][6], which is enabled by default in Kubernetes v1.10.0 and later. - Velero's restic integration requires the Kubernetes [MountPropagation feature][6], which is enabled by default in Kubernetes v1.10.0 and later.
### Instructions ### Instructions
1. Ensure you've [downloaded & extracted the latest release][3]. Ensure you've [downloaded latest release][3].
1. In the Velero directory (i.e. where you extracted the release tarball), run the following to create new custom resource definitions: To install restic, use the `--use-restic` flag on the `velero install` command. See the [install overview][2] for more details.
```bash
kubectl apply -f config/common/00-prereqs.yaml
```
1. Run one of the following for your platform to create the daemonset:
Please note: In RancherOS , the path is not `/var/lib/kubelet/pods` , rather it is `/opt/rke/var/lib/kubelet/pods` Please note: In RancherOS , the path is not `/var/lib/kubelet/pods` , rather it is `/opt/rke/var/lib/kubelet/pods`
thereby requires modifying the restic-daemonset.yaml before applying. thereby requires modifying the restic daemonset after installing.
``` ```yaml
hostPath: hostPath:
path: /var/lib/kubelet/pods path: /var/lib/kubelet/pods
``` ```
to to
``` ```yaml
hostPath: hostPath:
path: /opt/rke/var/lib/kubelet/pods path: /opt/rke/var/lib/kubelet/pods
``` ```
- AWS: `kubectl apply -f config/aws/20-restic-daemonset.yaml`
- Azure: `kubectl apply -f config/azure/20-restic-daemonset.yaml`
- GCP: `kubectl apply -f config/gcp/20-restic-daemonset.yaml`
- Minio: `kubectl apply -f config/minio/30-restic-daemonset.yaml`
You're now ready to use Velero with restic. You're now ready to use Velero with restic.
## Back up ## Back up
@ -74,7 +60,7 @@ You're now ready to use Velero with restic.
For example, for the following pod: For example, for the following pod:
```bash ```yaml
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
@ -98,6 +84,7 @@ You're now ready to use Velero with restic.
``` ```
You'd run: You'd run:
```bash ```bash
kubectl -n foo annotate pod/sample backup.velero.io/backup-volumes=pvc-volume,emptydir-volume kubectl -n foo annotate pod/sample backup.velero.io/backup-volumes=pvc-volume,emptydir-volume
``` ```

26
examples/aws/05-backupstoragelocation.yaml
View File

@ -1,26 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
name: default
namespace: velero
spec:
provider: aws
objectStorage:
bucket: <YOUR_BUCKET>
config:
region: <YOUR_REGION>

24
examples/aws/06-volumesnapshotlocation.yaml
View File

@ -1,24 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: velero.io/v1
kind: VolumeSnapshotLocation
metadata:
name: aws-default
namespace: velero
spec:
provider: aws
config:
region: <YOUR_REGION>

50
examples/aws/10-deployment-kube2iam.yaml
View File

@ -1,50 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
namespace: velero
name: velero
spec:
replicas: 1
template:
metadata:
labels:
component: velero
annotations:
iam.amazonaws.com/role: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<VELERO_ROLE_NAME>
prometheus.io/scrape: "true"
prometheus.io/port: "8085"
prometheus.io/path: "/metrics"
spec:
restartPolicy: Always
serviceAccountName: velero
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
ports:
- name: metrics
containerPort: 8085
command:
- /velero
args:
- server
volumeMounts:
- name: plugins
mountPath: /plugins
volumes:
- name: plugins
emptyDir: {}

64
examples/aws/10-deployment.yaml
View File

@ -1,64 +0,0 @@
# Copyright 2017 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
namespace: velero
name: velero
spec:
replicas: 1
template:
metadata:
labels:
component: velero
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8085"
prometheus.io/path: "/metrics"
spec:
restartPolicy: Always
serviceAccountName: velero
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
command:
- /velero
args:
- server
## uncomment following line and specify values if needed for multiple provider snapshot locations
# - --default-volume-snapshot-locations=<provider-1:location-1,provider-2:location-2,...>
volumeMounts:
- name: cloud-credentials
mountPath: /credentials
- name: plugins
mountPath: /plugins
- name: scratch
mountPath: /scratch
env:
- name: AWS_SHARED_CREDENTIALS_FILE
value: /credentials/cloud
- name: VELERO_SCRATCH_DIR
value: /scratch
#- name: AWS_CLUSTER_NAME
# value: <YOUR_CLUSTER_NAME>
volumes:
- name: cloud-credentials
secret:
secretName: cloud-credentials
- name: plugins
emptyDir: {}
- name: scratch
emptyDir: {}

69
examples/aws/20-restic-daemonset.yaml
View File

@ -1,69 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: restic
namespace: velero
spec:
selector:
matchLabels:
name: restic
template:
metadata:
labels:
name: restic
spec:
serviceAccountName: velero
securityContext:
runAsUser: 0
volumes:
- name: cloud-credentials
secret:
secretName: cloud-credentials
- name: host-pods
hostPath:
path: /var/lib/kubelet/pods
- name: scratch
emptyDir: {}
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
command:
- /velero
args:
- restic
- server
volumeMounts:
- name: cloud-credentials
mountPath: /credentials
- name: host-pods
mountPath: /host_pods
mountPropagation: HostToContainer
- name: scratch
mountPath: /scratch
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VELERO_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: AWS_SHARED_CREDENTIALS_FILE
value: /credentials/cloud
- name: VELERO_SCRATCH_DIR
value: /scratch

63
examples/azure/00-deployment.yaml
View File

@ -1,63 +0,0 @@
# Copyright 2017 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
namespace: velero
name: velero
spec:
replicas: 1
template:
metadata:
labels:
component: velero
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8085"
prometheus.io/path: "/metrics"
spec:
restartPolicy: Always
serviceAccountName: velero
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
ports:
- name: metrics
containerPort: 8085
command:
- /velero
args:
- server
## uncomment following line and specify values if needed for multiple provider snapshot locations
# - --default-volume-snapshot-locations=<provider-1:location-1,provider-2:location-2,...>
envFrom:
- secretRef:
name: cloud-credentials
env:
- name: VELERO_SCRATCH_DIR
value: /scratch
volumeMounts:
- name: plugins
mountPath: /plugins
- name: scratch
mountPath: /scratch
volumes:
- name: plugins
emptyDir: {}
- name: scratch
emptyDir: {}
nodeSelector:
beta.kubernetes.io/os: linux

27
examples/azure/05-backupstoragelocation.yaml
View File

@ -1,27 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
name: default
namespace: velero
spec:
provider: azure
objectStorage:
bucket: <YOUR_BLOB_CONTAINER>
config:
resourceGroup: <YOUR_STORAGE_RESOURCE_GROUP>
storageAccount: <YOUR_STORAGE_ACCOUNT>

24
examples/azure/06-volumesnapshotlocation.yaml
View File

@ -1,24 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: velero.io/v1
kind: VolumeSnapshotLocation
metadata:
name: azure-default
namespace: velero
spec:
provider: azure
config:
apiTimeout: <YOUR_TIMEOUT>

65
examples/azure/20-restic-daemonset.yaml
View File

@ -1,65 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: restic
namespace: velero
spec:
selector:
matchLabels:
name: restic
template:
metadata:
labels:
name: restic
spec:
serviceAccountName: velero
securityContext:
runAsUser: 0
volumes:
- name: host-pods
hostPath:
path: /var/lib/kubelet/pods
- name: scratch
emptyDir: {}
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
command:
- /velero
args:
- restic
- server
volumeMounts:
- name: host-pods
mountPath: /host_pods
mountPropagation: HostToContainer
- name: scratch
mountPath: /scratch
envFrom:
- secretRef:
name: cloud-credentials
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VELERO_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: VELERO_SCRATCH_DIR
value: /scratch

24
examples/gcp/05-backupstoragelocation.yaml
View File

@ -1,24 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
name: default
namespace: velero
spec:
provider: gcp
objectStorage:
bucket: <YOUR_BUCKET>

23
examples/gcp/06-volumesnapshotlocation.yaml
View File

@ -1,23 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: velero.io/v1
kind: VolumeSnapshotLocation
metadata:
name: gcp-default
namespace: velero
spec:
provider: gcp
config: {}

65
examples/gcp/10-deployment.yaml
View File

@ -1,65 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
namespace: velero
name: velero
spec:
replicas: 1
template:
metadata:
labels:
component: velero
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8085"
prometheus.io/path: "/metrics"
spec:
restartPolicy: Always
serviceAccountName: velero
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
ports:
- name: metrics
containerPort: 8085
command:
- /velero
args:
- server
## uncomment following line and specify values if needed for multiple provider snapshot locations
# - --default-volume-snapshot-locations=<provider-1:location-1,provider-2:location-2,...>
volumeMounts:
- name: cloud-credentials
mountPath: /credentials
- name: plugins
mountPath: /plugins
- name: scratch
mountPath: /scratch
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /credentials/cloud
- name: VELERO_SCRATCH_DIR
value: /scratch
volumes:
- name: cloud-credentials
secret:
secretName: cloud-credentials
- name: plugins
emptyDir: {}
- name: scratch
emptyDir: {}

69
examples/gcp/20-restic-daemonset.yaml
View File

@ -1,69 +0,0 @@
# Copyright 2018 the Velero contributors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: restic
namespace: velero
spec:
selector:
matchLabels:
name: restic
template:
metadata:
labels:
name: restic
spec:
serviceAccountName: velero
securityContext:
runAsUser: 0
volumes:
- name: cloud-credentials
secret:
secretName: cloud-credentials
- name: host-pods
hostPath:
path: /var/lib/kubelet/pods
- name: scratch
emptyDir: {}
containers:
- name: velero
image: gcr.io/heptio-images/velero:latest
command:
- /velero
args:
- restic
- server
volumeMounts:
- name: cloud-credentials
mountPath: /credentials
- name: host-pods
mountPath: /host_pods
mountPropagation: HostToContainer
- name: scratch
mountPath: /scratch
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VELERO_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /credentials/cloud
- name: VELERO_SCRATCH_DIR
value: /scratch