Persistent Volumes and Other Cluster Resources

You must back up the following items of your Kubernetes cluster:

  • the persistent volumes that contain important system data

  • secrets with database access credentials

    Note: Those secrets are created during installation and are not part of any Helm charts.

To learn more about these persistent volumes and secrets, see Appendix: Main Kubernetes Cluster Objects.

The recommended way to back up those system items is to use Velero, an open source tool for backing up and restoring Kubernetes cluster resources and persistent volumes. To learn how to install it, please refer to its documentation.

To install Velero in your AKS cluster, use these instructions.

When installing Velero in your AKS cluster, you must:

  • configure Velero to use either a service principal or an AAD Pod Identity for authentication in Azure

    Important: You must not use storage account access keys for authentication.

  • specify the --use-restic and --namespace VELERO_NAMESPACE options in the Velero installation command, where VELERO_NAMESPACE defines the namespace where Velero will be installed

    For example:

    velero install \
        --provider azure \
        --plugins velero/velero-plugin-for-microsoft-azure:v1.3.0 \
        --bucket $BLOB_CONTAINER \
        --secret-file ./credentials-velero \
        --backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID \
        --use-restic \
        --namespace system-velero \
        --snapshot-location-config apiTimeout=5m,resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID
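The following pre-flight check is an added example, not part of the original guide or of Velero itself. It inspects the file passed to --secret-file and the value passed to --backup-location-config, and rejects any configuration that relies on a storage account access key. The function names are hypothetical. The variable names (AZURE_STORAGE_ACCOUNT_ACCESS_KEY, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID) and the storageAccountKeyEnvVar setting follow the credentials format of the Velero plugin for Microsoft Azure.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks to run before `velero install` on AKS.

# True when KEY has a non-empty value in FILE (KEY=value lines).
has_key() { grep -Eq "^[[:space:]]*$1[[:space:]]*=[[:space:]]*[^[:space:]]" "$2"; }

# Prints a verdict for a --secret-file; non-zero status means "do not use".
lint_velero_credentials() {
    local file=$1 mode
    [ -r "$file" ] || { echo "unreadable"; return 2; }

    # This guide forbids storage account access keys.
    if has_key AZURE_STORAGE_ACCOUNT_ACCESS_KEY "$file"; then
        echo "storage-account-key"; return 1
    fi

    # The file can hold a client secret, so require owner-only access (600, 400).
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "permissions-too-open"; return 1 ;;
    esac

    if has_key AZURE_CLIENT_ID "$file" && has_key AZURE_CLIENT_SECRET "$file" \
        && has_key AZURE_TENANT_ID "$file"; then
        echo "service-principal"
    elif has_key AZURE_CLIENT_SECRET "$file"; then
        echo "incomplete-service-principal"; return 1
    else
        echo "pod-identity"   # assumption: no client secret means pod identity
    fi
}

# Fails when a --backup-location-config value points Velero at an access key.
lint_backup_location_config() {
    case ",$1," in
        *,storageAccountKeyEnvVar=*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample files with placeholder values, not real credentials.
demo_dir=$(mktemp -d)
printf 'AZURE_SUBSCRIPTION_ID=sub\nAZURE_TENANT_ID=tenant\nAZURE_CLIENT_ID=app\nAZURE_CLIENT_SECRET=placeholder\nAZURE_RESOURCE_GROUP=rg\nAZURE_CLOUD_NAME=AzurePublicCloud\n' > "$demo_dir/sp"
printf 'AZURE_STORAGE_ACCOUNT_ACCESS_KEY=placeholder\nAZURE_CLOUD_NAME=AzurePublicCloud\n' > "$demo_dir/key"
chmod 600 "$demo_dir/sp" "$demo_dir/key"
for f in sp key; do
    echo "$f: $(lint_velero_credentials "$demo_dir/$f")"
done
```

Run lint_velero_credentials ./credentials-velero and lint_backup_location_config with the intended --backup-location-config value, and proceed with the installation only when both return zero.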

When using Velero in your AKS cluster, you must create a backup schedule for each namespace whose items you need to back up. For example, if the namespace of your CloudBlue Commerce system is cbc, create a backup schedule by using this command:

velero create schedule cbc-daily \
    --default-volumes-to-restic=true \
    --schedule="0 23 * * *" \
    --include-namespaces cbc \
    --snapshot-volumes=true \
    --ttl 720h \
    -n system-velero

Important: Specifying the --default-volumes-to-restic=true option is mandatory.

If you have Velero installed in your Kubernetes cluster, you can:

  • get a list of backups:

    velero get backups -n VELERO_NAMESPACE

    In this command, VELERO_NAMESPACE is the namespace where Velero is installed.

    For example:

    velero get backups -n system-velero
    NAME                                  STATUS       ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
    velero-daily-20211128040022           Completed    0        0          2021-11-28 07:00:22 +0300 MSK   20d       default            <none>
    velero-daily-20211127040022           Completed    0        0          2021-11-27 07:00:22 +0300 MSK   19d       default            <none>
    velero-daily-20211126081608           Completed    0        0          2021-11-26 11:16:08 +0300 MSK   18d       default            <none>

  • view backup schedules:

    velero get schedule -n VELERO_NAMESPACE

    In this command, VELERO_NAMESPACE is the namespace where Velero is installed.

    For example:

    velero get schedule -n system-velero
    NAME           STATUS    CREATED                         SCHEDULE    BACKUP TTL   LAST BACKUP   SELECTOR
    velero-daily   Enabled   2021-11-26 11:16:08 +0300 MSK   0 4 * * *   720h0m0s     5h ago        <none>

  • restore from a backup:

    velero restore create --from-backup BACKUP_NAME -n VELERO_NAMESPACE

    In this command:

    • BACKUP_NAME is the name of the backup from which you want to restore the Kubernetes cluster objects of your system.

    • VELERO_NAMESPACE is the namespace where Velero is installed.

    For example:

    velero restore create --from-backup velero-daily-20211126081608 -n system-velero