Velero

• Website
• Docs
  • Custom resource and controllers
• Helmchart
• Docker hub image
• Supported providers
• Volume snapshots possible
• No native encryption at rest
• 3rd party controllers
  • velero-volume-controller
    • detects and adds relevant backup annotation to pods with volumes
    • Last commit 2022
  • velero-pvc-watcher
    • detects PVCs with no restic backup and exposes a prometheus metric
    • Last commit 2021

Needs object store provider for backup

Limitations

• hostPath volumes are not supported, but the local-path volume type is supported.
• Volumes that are mounted with subPath are still backed up as a whole, not only the subPath

Install

• Installation options

Arch: pamac install velero-bin

Usage

• Stackspin velero docs

Important: A root-level backup bucket needs to exist. Create a bucket:

mc mb varac/velero

Manual backup:

velero create backup BACKUP_NAME --exclude-namespaces velero --wait

List backups:

velero get backups
kubectl get -A backups

Details of backup:

velero backup describe --details manual-test1
velero backup logs velero-daily-20240924153213

List backupstoragelocations:

kubectl get -A backupstoragelocations.velero.io
velero get backup-locations

List backuprepositories:

k get -A backuprepositories.velero.io
velero repo get

List podvolumebackups:

kubectl get -A podvolumebackups.velero.io

List podVolumes in backup set:

velero backup describe --details -o json manual3 | jq .status.backupVolumes.podVolumeBackups.podVolumeBackupsDetails

Delete backups

Docs: Deleting Backups

Delete the backup custom resource only and will not delete any associated data from object/block storage:

kubectl delete backup <backupName> -n <veleroNamespace>

Delete the backup resource including all data in object/block storage:

velero backup delete <backupName>

Delete whole backuprepository:

kubectl -n velero delete backuprepositories.velero.io/monitoring-default-restic-tqx9l

File System Backup

• Docs: File System Backup
• local-path-provisioner lacks VolumeSnapshot support
• Re-evaluate velero as backup solution
• hostPath volumes are not supported. Local persistent volumes are supported.

Restic/Kopia repositorz password:

• No way to override restic password: Enable users to set restic repo passwords
• Support changing existing backup repository password

Solution:

• Create repo password secret before installing velero

Restic integration

• Restic limitations

Issues:

• When files are altered/removed during backup Restic logs errors which lead to a PartiallyFailed backup job: Error thrown for empty files during backup

Monitoring

• Velero comes with a native metrics exporter
• Official Kubernetes/Tanzu/Velero dashboard
• Obsolete: prometheus-velero-exporter
  • Related Grafana dashboard: Velero Exporter Overview
• Example Prometheus Rule to monitor Velero seems bad