Installing Velero
Velero is a backup, recovery, and migration tool for Managed Service for Kubernetes cluster objects, including persistent volumes. With Velero, you can:
- Protect your data from loss using a flexible backup system.
- Recover a Managed Service for Kubernetes cluster faster if it goes down.
- Move your data from one Managed Service for Kubernetes cluster to another.
Velero uses the Container Storage Interface driver to create backups and restore persistent volumes from Yandex Cloud disk snapshots.
Getting started
-
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the
yc config set folder-id <folder_ID>command. You can specify a different folder using the--folder-nameor--folder-idparameter. -
Create a service account needed to access Yandex Object Storage.
yc iam service-account create --name <service_account_name> -
Assign the
storage.editorrole to the service account:yc resource-manager folder add-access-binding <folder_ID> \ --role storage.editor \ --subject serviceAccount:<service_account_ID> -
Create a static access key for your service account.
-
If installing Velero in the management console using Yandex Cloud Marketplace, create a static key in JSON format and save it to the
sa-key.jsonfile:yc iam access-key create \ --service-account-name=<service_account_name> \ --format=json > sa-key.json -
If installing Velero using a Helm chart, run the following command and save the
key_idandsecretkey you get:yc iam access-key create \ --service-account-name=<service_account_name>
-
-
Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Make sure you have enough disk snapshot and disk size quotas to create a backup. To do this, you can use the service for viewing quotas.
Installation using Yandex Cloud Marketplace
- Navigate to the folder dashboard and select Managed Service for Kubernetes.
- Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
- Under Application available for installation, select Velero and click Go to install.
- Configure the application:
-
Namespace: Create a namespace named
velero. The application uses it by default. If you leave the default namespace, Velero may work incorrectly.Note
If you create a namespace with a different name, you will need to specify it in every command using the
--namespace <Velero_application_namespace>parameter. -
Application name: Specify the application name.
-
Object Storage static access key: Copy the contents of the
sa-key.jsonfile or create a new access key for the service account. The service account must have thestorage.editorrole. -
Object Storage bucket name: Specify the name of the Object Storage bucket.
-
- Click Install.
- Wait for the application to change its status to
Deployed.
Installation using a Helm chart
-
Install Helm v3.8.0 or higher.
-
Install kubect and configure it to work with the new cluster.
-
To install a Helm chart with Velero, run the following command, specifying the parameters of the resources you created earlier:
helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/velero/velero \ --version 8.5.0-4 \ --untar && \ helm install \ --namespace velero \ --create-namespace \ --set configuration.backupStorageLocation.bucket=<bucket_name> \ --set serviceaccountawskeyvalue_generated.accessKeyID=<key_ID> \ --set serviceaccountawskeyvalue_generated.secretAccessKey=<secret_key> \ velero ./velero/Note
If you are using a Helm version below 3.8.0, append the
export HELM_EXPERIMENTAL_OCI=1 && \string to the command to enable Open Container Initiative (OCI) support in the Helm client.