Kubernetes Backup with Velero

Velero is an open-source Kubernetes backup and restore solution that enables disaster recovery, migration, and compliance for Kubernetes clusters. This guide covers installation, backup scheduling, restore operations, volume snapshots, cluster migration, and configuring S3-compatible object storage backends for your VPS and bare-metal Kubernetes infrastructure.

Velero Overview

What is Velero?

Velero is a backup and restore solution for Kubernetes that:

  • Backs up cluster resources and persistent volumes
  • Schedules automated backups
  • Restores to original or different clusters
  • Migrates resources between clusters
  • Enables disaster recovery workflows

Components

Velero Server: Runs in the cluster, manages backups and restores

Velero CLI: Command-line tool for backup operations

Plugins: Integration with storage backends (S3, Azure, vSphere, AWS, etc.)

Restores: Apply backed-up resources to clusters

Installation

Prerequisites

  • Kubernetes v1.16+
  • kubectl configured
  • Object storage (S3, MinIO, S3-compatible)
  • AWS account or MinIO setup (optional)

Installing the Velero CLI

On Linux:

wget https://github.com/vmware-tanzu/velero/releases/download/v1.12.1/velero-v1.12.1-linux-amd64.tar.gz
tar -xzf velero-v1.12.1-linux-amd64.tar.gz
sudo mv velero-v1.12.1-linux-amd64/velero /usr/local/bin/
velero version
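
The steps above unpack the tarball and move the binary into /usr/local/bin with sudo without checking its integrity. The following is an added example, not part of the original guide, that gates those steps on a SHA-256 match; it assumes the release's checksum list has been saved next to the tarball as CHECKSUM, and the function names are illustrative.

```sh
# Added example: gate the Velero CLI install on a SHA-256 match.
# Assumption: the release's checksum list was downloaded next to the
# tarball as ./CHECKSUM ("<hex digest>  <file name>" per line).

# verify_archive ARCHIVE CHECKSUM_FILE
# 0 = digest matches, 1 = mismatch, 2 = file missing, 3 = no entry.
verify_archive() {
    archive=$1
    sums=$2
    name=$(basename "$archive")

    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    [ -f "$sums" ] || { echo "missing checksum list: $sums" >&2; return 2; }

    # Match the file name exactly (a leading "*" marks binary mode) so a
    # longer name such as "<archive>.sig" cannot satisfy the lookup.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 3
    fi

    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name: refusing to install" >&2
        return 1
    fi
}

# install_verified ARCHIVE CHECKSUM_FILE
# Runs the unpack-and-move steps from the guide only after verification.
install_verified() {
    verify_archive "$1" "$2" || return $?
    dir=$(basename "$1" .tar.gz)
    tar -xzf "$1" && sudo mv "$dir/velero" /usr/local/bin/
}

# Usage:
#   install_verified velero-v1.12.1-linux-amd64.tar.gz CHECKSUM
```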

On macOS:

brew install velero
velero version

Installing Velero in Kubernetes

Create credentials file for S3:

cat << EOF > credentials-velero
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
EOF

Install Velero:

velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:v1.8.1 \
  --bucket velero-backups \
  --secret-file ./credentials-velero \
  --backup-location-config region=us-east-1 \
  --use-volume-snapshots=true \
  --snapshot-location-config region=us-east-1 \
  --wait

Verify the installation:

kubectl get pods -n velero
velero version
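
The credentials file written with the heredoc above inherits the shell's default umask, and the sample files in this guide carry documentation keys and MinIO defaults. The following added example (not part of the original guide) writes the file owner-only and audits an existing one before it is handed to velero install; the function names and the VELERO_KEY_ID / VELERO_SECRET variables are assumptions.

```sh
# Added example: write and audit the credentials file passed to
# `velero install --secret-file`. VELERO_KEY_ID / VELERO_SECRET are
# assumed environment variable names, not Velero settings.

# write_credentials FILE: create FILE readable by the owner only.
write_credentials() {
    (
        umask 077
        printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
            "$VELERO_KEY_ID" "$VELERO_SECRET" > "$1"
        chmod 600 "$1"   # also fixes the mode if FILE already existed
    )
}

# audit_credentials FILE: print findings, return how many were found.
audit_credentials() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "not a regular file: $file"; return 1; }

    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;   # no group/other permission bits
        *) echo "mode $mode: readable beyond the owner (want 600)"
           findings=$((findings + 1)) ;;
    esac

    key_id=$(sed -n 's/^[[:space:]]*aws_access_key_id[[:space:]]*=[[:space:]]*//p' "$file" | head -n 1)
    secret=$(sed -n 's/^[[:space:]]*aws_secret_access_key[[:space:]]*=[[:space:]]*//p' "$file" | head -n 1)
    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo "missing aws_access_key_id or aws_secret_access_key"
        findings=$((findings + 1))
    fi

    # Vendor defaults and documentation samples must not reach a cluster.
    case "$key_id:$secret" in
        minioadmin:*|*:minioadmin)
            echo "MinIO default credentials in use"
            findings=$((findings + 1)) ;;
        *EXAMPLE*)
            echo "documentation sample key left in file"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}
```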

Storage Backend Configuration

AWS S3 Backend

Configure for AWS S3:

velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:v1.8.1 \
  --bucket velero-backups \
  --secret-file ./credentials-velero \
  --backup-location-config region=us-east-1 \
  --use-volume-snapshots=true \
  --snapshot-location-config region=us-east-1 \
  --prefix production \
  --wait

MinIO Backend

For on-premises S3-compatible storage:

# Create credentials file
# (minioadmin/minioadmin is the MinIO default; use a dedicated access key for Velero)
cat << EOF > minio-credentials
[default]
aws_access_key_id=minioadmin
aws_secret_access_key=minioadmin
EOF

# Install Velero with MinIO
# S3-compatible endpoints need an explicit region and path-style addressing
velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:v1.8.1 \
  --bucket velero-backups \
  --secret-file ./minio-credentials \
  --use-volume-snapshots=false \
  --backup-location-config region=minio,s3ForcePathStyle=true,s3Url=https://minio.example.com:9000 \
  --wait

Multiple Backup Locations

Create backup locations programmatically:

apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: aws-us-east-1
  namespace: velero
spec:
  provider: aws
  objectStorage:
    bucket: velero-backups-east
  config:
    region: us-east-1
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: aws-us-west-2
  namespace: velero
spec:
  provider: aws
  objectStorage:
    bucket: velero-backups-west
  config:
    region: us-west-2

Azure Backend

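Configure Azure Blob Storage:

# AZURE_BACKUP_RESOURCE_GROUP and AZURE_STORAGE_ACCOUNT_ID are placeholders for your own values
velero install \
  --provider azure \
  --plugins velero/velero-plugin-for-microsoft-azure:v1.8.0 \
  --bucket velero \
  --secret-file ./azure-credentials \
  --backup-location-config resourceGroup="$AZURE_BACKUP_RESOURCE_GROUP",storageAccount="$AZURE_STORAGE_ACCOUNT_ID" \
  --use-volume-snapshots=true \
  --snapshot-location-config resourceGroup="$AZURE_BACKUP_RESOURCE_GROUP" \
  --wait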

Backup Operations

On-Demand Backup

Create an immediate backup:

velero backup create production-backup-$(date +%Y%m%d-%H%M%S)

With include/exclude filters:

velero backup create full-backup \
  --include-namespaces production,monitoring \
  --exclude-namespaces kube-system,velero

Backup specific resources:

velero backup create app-backup \
  --include-resources deployments,services,configmaps \
  --exclude-namespaces kube-system

Scheduled Backups

Create a backup schedule:

velero schedule create daily-backup \
  --schedule "0 2 * * *" \
  --include-namespaces production \
  --ttl 720h

List schedules:

velero schedule get
velero schedule describe daily-backup

Backup Configuration

Full backup example with scheduling:

velero schedule create production-daily \
  --schedule "0 2 * * *" \
  --include-namespaces production,monitoring \
  --exclude-namespaces kube-system,kube-public \
  --ttl 2160h

Viewing Backups

List all backups:

velero backup get

Get backup details:

velero backup describe production-backup-20240101-120000

View backup logs:

velero backup logs production-backup-20240101-120000
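
A backup that is listed is not necessarily usable: the STATUS and ERRORS columns of velero backup get decide that. The following added example (not from the original guide) turns that table into a pass/fail check for one schedule; the function names are illustrative and the table is constructed sample output.

```sh
# Added example: gate a restore drill or alert on `velero backup get`.
# The table below is constructed sample output, not from a real cluster.
sample_backup_table() {
    cat << 'EOF'
NAME                               STATUS            ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
production-daily-20240103020000    PartiallyFailed   2        0          2024-01-03 02:00:00 +0000 UTC   89d       default            <none>
production-daily-20240102020000    Completed         0        1          2024-01-02 02:00:00 +0000 UTC   88d       default            <none>
production-weekly-20231231030000   Completed         0        0          2023-12-31 03:00:00 +0000 UTC   177d      default            <none>
EOF
}

# check_backups PREFIX   (reads the `velero backup get` table on stdin)
# 0 = every finished backup named PREFIX* is Completed with 0 errors
# 1 = at least one such backup failed or has errors (printed on stdout)
# 2 = no backup named PREFIX* exists at all
check_backups() {
    awk -v prefix="$1" '
        NR == 1 { next }                            # header row
        index($1, prefix) != 1 { next }             # other schedules
        { seen++ }
        $2 == "New" || $2 == "InProgress" { next }  # not finished yet
        $2 == "Completed" && $3 == 0 { next }       # healthy
        {
            printf "%s: status=%s errors=%s warnings=%s\n", $1, $2, $3, $4
            bad++
        }
        END {
            if (seen == 0) {
                printf "no backups found for prefix %s\n", prefix
                exit 2
            }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Against a live cluster: velero backup get | check_backups production-daily
sample_backup_table | check_backups production-daily ||
    echo "production-daily needs attention before it is relied on"
```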

Restore Operations

Basic Restore

Restore the latest backup:

velero restore create --from-backup production-backup-20240101-120000

Restore with filtering:

velero restore create production-restore \
  --from-backup production-backup-20240101-120000 \
  --include-namespaces production \
  --include-resources deployments,services,configmaps

Selective Namespace Restore

Restore to a different namespace:

velero restore create restore-to-staging \
  --from-backup production-backup-20240101-120000 \
  --namespace-mappings production:staging

Restore with Resource Modification

Restore and modify resources:

# Use restore hooks to modify resources during restore
cat << 'EOF' > restore-actions.yaml
apiVersion: velero.io/v1
kind: Restore
metadata:
  name: production-restore
  # Velero only processes Restore objects in its own namespace
  namespace: velero
spec:
  backupName: production-backup-20240101-120000
  hooks:
    resources:
    - name: update-database-config
      includedNamespaces:
      - production
      # Exec hooks run inside containers, so they only apply to pods
      includedResources:
      - pods
      labelSelector:
        matchLabels:
          app: database
      postHooks:
      - exec:
          container: config-updater
          command: ["/scripts/update-db-config.sh"]
          waitTimeout: 5m
EOF

kubectl apply -f restore-actions.yaml

Monitor Restore Progress

velero restore get
velero restore describe production-restore --details
velero restore logs production-restore

Volume Snapshots

EBS Volume Snapshots

Configure snapshot locations:

apiVersion: velero.io/v1
kind: VolumeSnapshotLocation
metadata:
  name: aws-snapshot-location
  namespace: velero
spec:
  provider: aws
  config:
    region: us-east-1

Enable for backups:

velero backup create volume-backup \
  --snapshot-volumes \
  --volume-snapshot-locations aws-snapshot-location

Snapshot Retention

Set retention policy:

velero backup create data-backup \
  --ttl 720h \
  --snapshot-move-data=false

List Snapshot Locations

velero snapshot-location get

Cluster Migration

Pre-Migration Steps

  1. Back up the source cluster
  2. Prepare the target cluster
  3. Configure the same backup location

Migration Process

On the source cluster, create a full backup:

velero backup create migration-backup \
  --include-namespaces "*" \
  --exclude-namespaces kube-system,kube-public,kube-node-lease

On the target cluster:

  1. Install Velero with the same backup location
  2. Wait for the backup to be available

velero backup get

Restore from the backup:

velero restore create migration-restore \
  --from-backup migration-backup \
  --wait

Migrating to Different Storage Class

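Use a restore transformation. Velero remaps storage classes at restore time through its change-storage-class restore item action, which reads the old-to-new mapping from a ConfigMap in the velero namespace. With that mapping in place, run the restore:

velero restore create storage-upgrade \
  --from-backup migration-backup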

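Or run a patch from a post-restore exec hook. Exec hooks run inside a container of a restored pod, so that container needs kubectl and RBAC permission to patch PVCs, and storageClassName cannot be changed on a PVC that already exists:

apiVersion: velero.io/v1
kind: Restore
metadata:
  name: storage-class-migrate
  namespace: velero
spec:
  backupName: migration-backup
  hooks:
    resources:
    - name: change-storage-class
      # Restore hooks only apply to pods
      includedResources:
      - pods
      postHooks:
      - exec:
          container: kubectl
          # Exec hooks take one command array; there is no separate args field
          command:
          - /bin/sh
          - -c
          - "kubectl patch pvc --all -p '{\"spec\":{\"storageClassName\":\"fast-ssd\"}}'"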

Advanced Configuration

Custom Velero Configuration

Create a custom Velero deployment:

apiVersion: v1
kind: ConfigMap
metadata:
  name: velero-config
  namespace: velero
data:
  enable-restic: "true"
  restic-timeout: "24h"
  restore-only: "false"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: velero
  namespace: velero
spec:
  template:
    spec:
      containers:
      - name: velero
        args:
        - server
        - --features=EnableCSI
        env:
        - name: VELERO_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: AWS_SHARED_CREDENTIALS_FILE
          value: /credentials/cloud

Backup Retention Policies

Implement automatic cleanup:

# Set TTL (time to live) for backups
velero schedule create daily-backups \
  --schedule "0 2 * * *" \
  --ttl 720h \
  --include-namespaces production

Restic for PV Backup

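Enable Restic for volume backups:

# Velero 1.10 and later run file-system backup through the node agent.
# The 24h timeout is a server setting: --fs-backup-timeout=24h
velero install \
  --use-node-agent \
  --uploader-type restic

Specify which volumes to back up: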

apiVersion: v1
kind: Pod
metadata:
  name: app-with-volume
  annotations:
    backup.velero.io/backup-volumes: data,logs
spec:
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: data-pvc
  - name: logs
    persistentVolumeClaim:
      claimName: logs-pvc

Practical Examples

Example: Production Backup and Restore Strategy

# Daily incremental backups
velero schedule create production-daily \
  --schedule "0 2 * * *" \
  --include-namespaces production \
  --exclude-namespaces kube-system \
  --ttl 2160h

# Weekly full backups with longer retention
velero schedule create production-weekly \
  --schedule "0 3 * * 0" \
  --include-namespaces "*" \
  --exclude-namespaces kube-system,kube-public \
  --ttl 4320h

# View schedules
velero schedule get

# Test restore process monthly
velero backup create monthly-test-backup
velero restore create monthly-test-restore --from-backup monthly-test-backup --wait

Example: Disaster Recovery Workflow

# Production cluster backup
velero backup create dr-backup-$(date +%Y%m%d) \
  --include-namespaces production,monitoring,ingress-nginx \
  --snapshot-volumes \
  --wait

# Verify backup completion
velero backup describe dr-backup-20240101

# If disaster occurs, restore to new cluster
# 1. Install Velero on new cluster with same storage location
# 2. Restore backup
velero restore create disaster-recovery \
  --from-backup dr-backup-20240101 \
  --wait

# Monitor restore
velero restore describe disaster-recovery --details

Conclusion

Velero is essential for Kubernetes disaster recovery, migration, and compliance on VPS and bare-metal infrastructure. By implementing automated backup schedules, regularly testing restore procedures, and leveraging volume snapshots, you create a robust backup and recovery strategy. Start with simple daily backups of production namespaces, progressively add scheduled snapshots for faster recovery, and regularly test restore procedures to ensure backup integrity. Maintain clear documentation of your backup strategy and recovery procedures for your operations team.