Documentation for version v1.1.0 is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.
You can run Kubernetes on Google Cloud Platform in either:
If you do not have the gcloud
and gsutil
CLIs locally installed, follow the
user guide to set them up.
Download the latest official release’s tarball for your client platform.
We strongly recommend that you use an
official release of
Velero. The tarballs for each release contain the velero
command-line client. The code in the main branch
of the Velero repository is under active development and is not guaranteed to be stable!
Extract the tarball:
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
We’ll refer to the directory you extracted to as the “Velero directory” in subsequent steps.
Move the velero
binary from the Velero directory to somewhere in your PATH.
Velero requires an object storage bucket in which to store backups, preferably unique to a single Kubernetes cluster (see the FAQ for more details). Create a GCS bucket, replacing the <YOUR_BUCKET> placeholder with the name of your bucket:
BUCKET=<YOUR_BUCKET>
gsutil mb gs://$BUCKET/
To integrate Velero with GCP, create a Velero-specific Service Account:
View your current config settings:
gcloud config list
Store the project
value from the results in the environment variable $PROJECT_ID
.
PROJECT_ID=$(gcloud config get-value project)
Create a service account:
gcloud iam service-accounts create velero \
--display-name "Velero service account"
If you’ll be using Velero to backup multiple clusters with multiple GCS buckets, it may be desirable to create a unique username per cluster rather than the default
velero
.
Then list all accounts and find the velero
account you just created:
gcloud iam service-accounts list
Set the $SERVICE_ACCOUNT_EMAIL
variable to match its email
value.
SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
--filter="displayName:Velero service account" \
--format 'value(email)')
Attach policies to give velero
the necessary permissions to function:
ROLE_PERMISSIONS=(
compute.disks.get
compute.disks.create
compute.disks.createSnapshot
compute.snapshots.get
compute.snapshots.create
compute.snapshots.useReadOnly
compute.snapshots.delete
compute.zones.get
)
gcloud iam roles create velero.server \
--project $PROJECT_ID \
--title "Velero Server" \
--permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
--role projects/$PROJECT_ID/roles/velero.server
gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
Create a service account key, specifying an output file (credentials-velero
) in your local directory:
gcloud iam service-accounts keys create credentials-velero \
--iam-account $SERVICE_ACCOUNT_EMAIL
If you run Google Kubernetes Engine (GKE), make sure that your current IAM user is a cluster-admin. This role is required to create RBAC objects. See the GKE documentation for more information.
Install Velero, including all prerequisites, into the cluster and start the deployment. This will create a namespace called velero
, and place a deployment named velero
in it.
velero install \
--provider gcp \
--bucket $BUCKET \
--secret-file ./credentials-velero
Additionally, you can specify --use-restic
to enable restic support, and --wait
to wait for the deployment to be ready.
(Optional) Specify --snapshot-location-config snapshotLocation=<YOUR_LOCATION>
to keep snapshots in a specific availability zone. See the
VolumeSnapshotLocation definition for details.
(Optional) Specify
additional configurable parameters for the --backup-location-config
flag.
(Optional) Specify
additional configurable parameters for the --snapshot-location-config
flag.
(Optional) Specify CPU and memory resource requests and limits for the Velero/restic pods.
For more complex installation needs, use either the Helm chart, or add --dry-run -o yaml
options for generating the YAML representation for the installation.
To help you get started, see the documentation.