Scheduled Management Backups

Backups should be run on a schedule consistent with the policy requirements of the environment. For example, a production environment might be set for "daily" backups, while a testing environment is set for "weekly".

Preparation

Note

The following instructions are tailored for AWS. Please adapt them to your chosen platform and storage.

Before you create a manual one-off or scheduled backup, review the steps below and update your configuration accordingly:

  1. Verify whether the Velero plugins have been installed as suggested in Velero installation. If the Velero plugins with the desired storage option are already configured, skip the next step.

  2. If no Velero plugins have been installed yet in your k0rdent cluster, start by getting the kcm management YAML file:

    kubectl get management kcm -n kcm-system -o yaml > management.yaml
    
    Then edit the management.yaml file so that the Velero plugin details are filled in under spec.core.kcm:

    apiVersion: k0rdent.mirantis.com/v1alpha1
    kind: Management
    metadata:
      name: kcm
    spec:
      # ... 
      core:
        kcm:
          config:
            velero:
              initContainers:
              - name: velero-plugin-for-<PROVIDER-NAME>
                image: velero/velero-plugin-for-<PROVIDER-NAME>:<PROVIDER-PLUGIN-TAG>
                imagePullPolicy: IfNotPresent
                volumeMounts:
                - mountPath: /target
                  name: plugins
      # ...
    

    Review Velero's plugin image repositories on Docker Hub to identify the required <PROVIDER-NAME>. Once the required image has been identified, select from its available tags to determine the correct <PROVIDER-PLUGIN-TAG>. In the case of AWS, the plugin is velero-plugin-for-aws, and the tag is chosen from that repository's available tags.

  3. Prepare a storage location, such as an Amazon S3 bucket, to store k0rdent backups.

  4. Prepare a YAML file containing a BackupStorageLocation object that references a Secret with credentials to access the cloud storage (if the multiple credentials feature is supported by the plugin). For example, you can create the BackupStorageLocation and the related Secret YAML for the Amazon S3 configuration by following these steps.

    First create a file called credentials.txt with your credentials, as in:

    [default]
    aws_access_key_id = EXAMPLE_ACCESS_KEY_ID
    aws_secret_access_key = EXAMPLE_SECRET_ACCESS_KEY
    

    The IAM user being used in this configuration will require certain permissions for the appropriate Velero S3 bucket access. Review the necessary permissions here (reference the JSON policy file named velero-policy.json -- take care to replace ${BUCKET} with the correct bucket name).

    Generate the necessary base64-encoded credentials using:

    base64 -w0 credentials.txt; echo
    

    Use this base64 value in the data.cloud field in the creds-and-backup-storage-location.yaml you'll create next. Also make sure to substitute the appropriate REGION-NAME and BUCKET-NAME:

    ---
    apiVersion: v1
    data:
      # base64-encoded credentials for Amazon S3 in the following format:
      # [default]
      # aws_access_key_id = EXAMPLE_ACCESS_KEY_ID
      # aws_secret_access_key = EXAMPLE_SECRET_ACCESS_KEY
      cloud: <BASE64_VALUE>
    kind: Secret
    metadata:
      name: cloud-credentials
      namespace: kcm-system
    type: Opaque
    ---
    apiVersion: velero.io/v1
    kind: BackupStorageLocation
    metadata:
      name: aws-s3
      namespace: kcm-system
    spec:
      config:
        region: <REGION-NAME>
      default: true # optional, if not set, then storage location name must always be set in ManagementBackup
      objectStorage:
        bucket: <BUCKET-NAME>
      provider: aws
      backupSyncPeriod: 1m
      credential:
        name: cloud-credentials
        key: cloud
    

  5. Create the necessary Kubernetes resources in your k0rdent cluster by applying the YAML to the management cluster:

    kubectl apply -f creds-and-backup-storage-location.yaml
    kubectl apply -f management.yaml
    

  6. Confirm that the previous steps were applied correctly:

    kubectl get management kcm -n kcm-system -o yaml
    
    The management configuration yaml should have the new velero plugin details, as shown in step 2.

    Now make sure the backupstoragelocation shows as Available:

    kubectl get backupstoragelocation -n kcm-system
    
    NAME     PHASE       LAST VALIDATED   AGE   DEFAULT
    aws-s3   Available   27s              2d    true
    
    You can find more information on how to build these objects in the official Velero documentation.
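
The following sketch scripts step 4 with two safeguards: it refuses a credentials.txt that is readable by group or others, and it writes the manifest with owner-only permissions, because base64 is an encoding and the manifest holds the access key in recoverable form. It is an added example, not part of the k0rdent documentation; the helper names check_creds and render_bsl are hypothetical, and the bucket and region are supplied by the caller.

```sh
# Added example; check_creds and render_bsl are hypothetical helper names.
# check_creds FILE: fail unless FILE is owner-only and has the expected shape.
check_creds() {
    [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case $mode in
        600|400) ;;
        *) echo "$1 has mode $mode; run: chmod 600 $1" >&2; return 1 ;;
    esac
    grep -q '^\[default\]' "$1" &&
        grep -Eq '^aws_access_key_id *= *[^ ]+' "$1" &&
        grep -Eq '^aws_secret_access_key *= *[^ ]+' "$1" ||
        { echo "$1: need [default] with both keys" >&2; return 1; }
}

# render_bsl CREDS BUCKET REGION OUT: write Secret + BackupStorageLocation.
render_bsl() {
    check_creds "$1" || return 1
    b64=$(base64 < "$1" | tr -d '\n')  # portable form of `base64 -w0`
    rm -f "$4"
    # The manifest embeds the secret (base64 is reversible): create it 0600.
    ( umask 077
      cat > "$4" <<EOF
---
apiVersion: v1
kind: Secret
metadata: {name: cloud-credentials, namespace: kcm-system}
type: Opaque
data:
  cloud: $b64
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata: {name: aws-s3, namespace: kcm-system}
spec:
  provider: aws
  default: true
  backupSyncPeriod: 1m
  config:
    region: $3
  objectStorage:
    bucket: $2
  credential:
    name: cloud-credentials
    key: cloud
EOF
    )
}
if [ "$#" -eq 4 ]; then render_bsl "$@"; fi
```

Once the manifest has been applied, remove it and credentials.txt from the workstation, or at least keep both out of version control.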

Create a Management Backup

Periodic backups are handled by a ManagementBackup object, which uses a Cron expression for its .spec.schedule field. If the .spec.schedule field is not set, a backup on demand will be created instead.

Optionally, set .spec.backup.storageLocation to the name of the BackupStorageLocation object to use. The default location is the BackupStorageLocation object with .spec.default set to true.

For example, you can create a ManagementBackup object that backs up to the storage object created in the preparation step every 6 hours (ref: Kubernetes CronJob schedule syntax, "Vixie cron" step values). Create a YAML file called scheduled-backup.yaml:

    apiVersion: k0rdent.mirantis.com/v1alpha1
    kind: ManagementBackup
    metadata:
      name: kcm
    spec:
      schedule: "0 */6 * * *"
      storageLocation: aws-s3

Start the scheduled backup process by applying the YAML to the cluster:

    kubectl apply -f scheduled-backup.yaml

Confirm that the backup was created, either in the appropriate storage console UI or from the command line:

    kubectl get managementbackup

The managementbackup should show as Completed:

    NAME              LASTBACKUPSTATUS   NEXTBACKUP   AGE
    example-backup    Completed                       8m