Restoring From Backup

Note

Please refer to the official migration documentation to familiarize yourself with potential limitations of the Velero backup system.

In the event of disaster, you can restore from a backup by doing the following:

1. Create a clean k0rdent installation, including velero and its plugins. Specifically, you want to avoid creating a Management object and similar objects because they will be part of your restored cluster. You can remove these objects after installation, but you can also install k0rdent without them in the first place:

   helm install kcm oci://ghcr.io/k0rdent/kcm/charts/kcm \
    --version <version> \
    --create-namespace \
    --namespace kcm-system \
    --set controller.createManagement=false \
    --set controller.createAccessManagement=false \
    --set controller.createRelease=false \
    --set controller.createTemplates=false \
    --set velero.initContainers[0].name=velero-plugin-for-<provider-name> \
    --set velero.initContainers[0].image=velero/velero-plugin-for-<provider-name>:<provider-plugin-tag> \
    --set velero.initContainers[0].volumeMounts[0].mountPath=/target \
    --set velero.initContainers[0].volumeMounts[0].name=plugins
   

2. Create the BackupStorageLocation/Secret objects that were created during the preparation stage of creating a backup (preferably the same depending on a plugin).

3. Restore the kcm system creating the Restore object. Note that it is important to set the .spec.existingResourcePolicy field value to update:

   apiVersion: velero.io/v1
   kind: Restore
   metadata:
     name: <restore-name>
     namespace: kcm-system
   spec:
     backupName: <backup-name>
     existingResourcePolicy: update
     includedNamespaces:
     - '*'
   

4. Wait until the Restore status is Completed and all kcm components are up and running.

Caveats

For some CAPI providers it is necessary to make changes to the Restore object due to the large number of different resources and logic in each provider. The resources described below are not excluded from a ManagementBackup by default to avoid logical dependencies on one or another provider, and to create a provider-agnostic system.

Note

The described caveats apply only to the Restore object creation step and do not affect the other steps.

Azure (CAPZ)

The following resources should be excluded from the Restore object:

• natgateways.network.azure.com
• resourcegroups.resources.azure.com
• virtualnetworks.network.azure.com
• virtualnetworkssubnets.network.azure.com

Due to the webhook conversion, objects of these resources cannot be restored, and they will be created in the management cluster by the CAPZ provider automatically with the same spec as in the backup.

The resulting Restore object:

apiVersion: velero.io/v1
kind: Restore
metadata:
  name: <restore-name>
  namespace: kcm-system
spec:
  backupName: <backup-name>
  existingResourcePolicy: update
  excludedResources:
  - natgateways.network.azure.com
  - resourcegroups.resources.azure.com
  - virtualnetworks.network.azure.com
  - virtualnetworkssubnets.network.azure.com
  includedNamespaces:
  - '*'

vSphere (CAPV)

The following resources should be excluded from the Restore object:

• mutatingwebhookconfiguration.admissionregistration.k8s.io
• validatingwebhookconfiguration.admissionregistration.k8s.io

Due to the Velero Restoration Order, some of the CAPV core objects cannot be restored, and they will not be recreated automatically. Because all of the objects have already passed both mutations and validations, there is not much sense in validating them again. The webhook configurations will be restored during installation of the CAPV provider.

The resulting Restore object:

apiVersion: velero.io/v1
kind: Restore
metadata:
  name: <restore-name>
  namespace: kcm-system
spec:
  backupName: <backup-name>
  existingResourcePolicy: update
  excludedResources:
  - mutatingwebhookconfiguration.admissionregistration.k8s.io
  - validatingwebhookconfiguration.admissionregistration.k8s.io
  includedNamespaces:
  - '*'