Documentation for version v0.11.0 is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.
You can deploy Velero on IBM Public or Private clouds, or even on any other Kubernetes cluster, but anyway you can use IBM Cloud Object Store as a destination for Velero’s backups.
To set up IBM Cloud Object Storage (COS) as Velero’s destination, you:
Download the latest release’s tarball for your client platform.
Extract the tarball:
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
We’ll refer to the directory you extracted to as the “Velero directory” in subsequent steps.
Move the velero
binary from the Velero directory to somewhere in your PATH.
We strongly recommend that you use an
official release of Velero. The tarballs for each release contain the
velero
command-line client and version-specific sample YAML files for deploying Velero to your cluster. The code and sample YAML files in the main
branch of the Velero repository are under active development and are not guaranteed to be stable. Use them at your own risk!
If you don’t have a COS instance, you can create a new one, according to the detailed instructions in Creating a new resource instance.
Velero requires an object storage bucket to store backups in. See instructions in Create some buckets to store your data.
The process of creating service credentials is described in Service credentials. Several comments:
The Velero service will write its backup into the bucket, so it requires the “Writer” access role.
Velero uses an AWS S3 compatible API. Which means it authenticates using a signature created from a pair of access and secret keys — a set of HMAC credentials. You can create these HMAC credentials by specifying {“HMAC”:true}
as an optional inline parameter. See step 3 in the
Service credentials guide.
After successfully creating a Service credential, you can view the JSON definition of the credential. Under the cos_hmac_keys
entry there are access_key_id
and secret_access_key
. We will use them in the next step.
Create an Velero-specific credentials file (credentials-velero
) in your local directory:
[default]
aws_access_key_id=<ACCESS_KEY_ID>
aws_secret_access_key=<SECRET_ACCESS_KEY>
where the access key id and secret are the values that we got above.
In the Velero directory (i.e. where you extracted the release tarball), run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See Run in custom namespace.
kubectl apply -f config/common/00-prereqs.yaml
Create a Secret. In the directory of the credentials file you just created, run:
kubectl create secret generic cloud-credentials \
--namespace <VELERO_NAMESPACE> \
--from-file cloud=credentials-velero
Specify the following values in the example files:
In config/ibm/05-backupstoragelocation.yaml
:
<YOUR_BUCKET>
, <YOUR_REGION>
and <YOUR_URL_ACCESS_POINT>
. See the
BackupStorageLocation definition for details.(Optional) If you run the nginx example, in file config/nginx-app/with-pv.yaml
:
<YOUR_STORAGE_CLASS_NAME>
with your StorageClass
name.In the root of your Velero directory, run:
kubectl apply -f config/ibm/05-backupstoragelocation.yaml
kubectl apply -f config/ibm/10-deployment.yaml
To help you get started, see the documentation.