LightBeam Cluster Backup & Restore using Velero

Why Velero

Velero is a powerful tool designed for backup and restore operations within Kubernetes clusters. Here's why Velero might be the right choice for you:

• Data Protection: Velero helps protect your applications and data by taking backups of your entire cluster or selected resources. It enables you to capture a consistent snapshot of your applications and their associated volumes, ensuring that you can recover your data in case of accidental deletions, hardware failures, or other disasters.

• Application Mobility: With Velero, you can easily migrate your applications and data between Kubernetes clusters. It provides a seamless way to transfer your workloads and associated resources from one cluster to another, helping with cluster upgrades, cloud migrations, or setting up disaster recovery environments.

• Selective Backup and Restore: Velero allows you to define backup schedules and specify which resources to include or exclude from backups. You can choose to back up entire namespaces, specific applications, or even individual resources. This flexibility enables you to customize your backup and restore operations based on your specific needs.

• Consistency and Data Integrity: Velero ensures the integrity of your backups by capturing a point-in-time snapshot of your applications and their associated volumes. It maintains the consistency of your data by coordinating the backup process with the underlying storage provider, ensuring that all data is captured accurately.

• Incremental Backups: Velero supports incremental backups, which means that after the initial full backup, subsequent backups only capture the changes made since the last backup. This approach reduces backup time and storage requirements while still providing a comprehensive backup history.

• Restoration Flexibility: Velero allows you to restore your applications and data to the same cluster or a different cluster. You can recover individual resources, entire namespaces, or even the entire cluster. This flexibility enables you to perform granular or full-scale restores as needed.

• Extensibility: Velero is extensible and can be integrated with various storage providers and cloud platforms. It supports different object storage solutions, allowing you to choose the most suitable option for your backup storage needs. It also provides hooks for executing custom pre- and post-backup/restore operations, enabling you to perform additional tasks or integrations during the backup and restore process.

Requirements

For the clustering services if the volume of one of the replicas becomes unavailable then a new volume for the replica should work which means clustering should take care of the data.

Note: To get the Backup and restore scripts email us at: support@lightbeam.ai

Install Velero CLI

Velero utilizes an AWS S3-compliant object store for backup storage. In this guide, we'll use AWS S3 as our storage solution.

• Linux:

wget https://github.com/vmware-tanzu/velero/releases/download/v1.11.0/velero-v1.11.0-linux-amd64.tar.gz
tar -xvf velero-v1.11.0-linux-amd64.tar.gz
mv velero-v1.11.0-linux-amd64/velero /usr/local/bin

• Mac:

brew install velero

Configure OIDC Identity Provider:

To create an IAM OIDC identity provider for your cluster with the AWS Management Console
- Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
- In the left pane, select Clusters, and then select the name of your cluster on the Clusters page.
- In the Details section on the Overview tab, note the value of the OpenID Connect provider URL.
- Open the IAM console at https://console.aws.amazon.com/iam/.
- In the left navigation pane, choose Identity Providers under Access Management. If a Provider is listed that matches the URL for your cluster, then you already have a provider for your cluster. If a provider isn't listed that matches the URL for your cluster, then you must create one.
- To create a provider, choose Add provider.
- For Provider type, select OpenID Connect.
- For Provider URL, enter the OIDC provider URL for your cluster, and then choose Get thumbprint.
- For Audience, enter sts.amazonaws.com and choose Add provider.

Install python modules:

pip install -r requirements.txt

LightBeam Spectra:

EKS Cluster / LightBeam Cluster

• Nature: Stateful services, serving as Metadata.

• Storage: Uses persistent volumes. Everything resides within the same cluster and AWS account.

Cluster Components

• Compute: These are EC2 nodes that function as the worker nodes of the EKS Cluster.

• Storage: The cluster uses EBS (Elastic Block Store) volumes for persistent storage.

Backup Strategy:

• The complete lightbeam namespace undergoes backup, facilitating easy restoration on the same or an alternate cluster.

• Depending on the chosen cloud provider, it's essential to use a volume snapshot CSI driver. This necessitates the configuration of a backup location for both storage and subsequent retrieval of backups.

Install velero plugins and take backup:

python velero.py --install --backup --provider aws

Note: We need to make sure velero is installed on the K8s cluster before taking a backup or performing a restore operation and velero can be installed using --install flag while taking backup performing store with required environment variables or providing input as prompt to the command.

• The command requires the following input:

BUCKET_NAME (name of the bucket where backups will be stored)
AWS_REGION (AWS region)
AWS_ACCOUNT_ID (AWS account identifier)
EKS_OIDC_PROVIDER_URL (remove the https://)

above values can be set through the environment or passed as input as the above script prompts for input. ex:

export BUCKET_NAME="test"
export AWS_REGION="us-east-1"
export AWS_ACCOUNT_ID="12345678980"
export EKS_OIDC_PROVIDER_URL="oidc.eks.us-east-1.amazonaws.com/id/7346878943434163424141"

Perform a backup on the same K8s cluster:

cd lightbeam-chart/installer/velero-backup-restore/
python velero.py --backup --provider aws

Perform restore on same K8s cluster:

cd lightbeam-chart/installer/velero-backup-restore/
python velero.py --restore --provider aws

LightBeam PrivacyOps:

Perform a backup on the same K8s cluster:

cd lightbeam-chart/installer/velero-backup-restore/
python velero.py --backup --provider aws --privacy_ops

Perform restore on same K8s cluster:

cd lightbeam-chart/installer/velero-backup-restore/
python velero.py --restore --provider aws --privacy_ops

Backup Operations with Velero CLI:

• Create a Backup:

  Copy

  velero backup create lb-backup --include-namespaces lightbeam

• List Backups:

  Copy

  velero backup get

• Check Logs of a Backup:

  Copy

  velero backup logs <backup-name>

• Describe a Backup:

  Copy

  velero backup describe <backup-name>

• Delete a Backup:

  Copy

  velero backup delete <backup-name>

Configure Schedule

The Schedule API type is used as a repeatable request for the Velero server to perform a backup for a given cron notation. Once created, the Velero Server will start the backup process. It will then wait for the next valid point of the given cron expression and execute the backup process on a repeating basis.

When we install the velero server-side component on the EKS cluster we also create a cron schedule to take backup of the entire EKS cluster on a daily basis and default retention is 9 days.

• List Schedules:

velero schedule get

• Describe a Schedule:

velero schedule describe <schedule-name>

Restore Operations with Velero CLI:

• Create a Restore:

  Copy

  velero restore create 

• List Restores:

  Copy

  velero get restores

• Describe a Restore:

  Copy

  velero describe restore <restore-name>

• Check Logs of a Restore:

  Copy

  velero restore logs <restore-name>

• Delete a Restore:

  Copy

  velero restore delete <restore-name>

• Uninstall Velero:

  Copy

  kubectl delete namespace/velero clusterrolebinding/velero
  kubectl delete cards -l component=velero