Use Velero backup with PowerScale S3 Bucket
Introduction
Velero is one of the most popular tools for backing up and restoring Kubernetes resources.
You can use Velero for different backup options to protect your Kubernetes cluster. The three modes are:
- Protect the Kubernetes resource objects like Pod, Namespace, etc., and CRDs included
- Protect the PersistentVolume data with the help of VolumeSnapshot
- Protect the content of the PVs with the help of restic
In all cases, Velero syncs the information (YAML & Restic data) to an object storage.
PowerScale, Dell's leading scale-out NAS solution, supports many different access protocols like NFS, SMB, HTTP, FTP, HDFS, and, in the case that interests us, S3!
For a simple backup solution of a few terabytes of Kubernetes data, PowerScale & Velero are a perfect duo.
PowerScale is not 100% compatible with the S3 protocol as implemented by AWS (cf. https://infohub.delltechnologies.com/section-assets/h18293-powerscale-onefs-s3-api-guide). Nonetheless, Velero does not rely on these unsupported calls; this makes PowerScale S3 a production-grade solution with Velero.
Deployment
PowerScale S3 configuration
To prepare PowerScale to be a target for the backup, a few steps are needed:
- Make sure the S3 protocol is enabled; you can check that from the GUI under Protocols > Object Storage (S3) > Global Settings or from the CLI:
    PS1-1% isi s3 settings global view
        HTTP Port: 9020
        HTTPS Port: 9021
        HTTPS only: No
        S3 Service Enabled: Yes
- Create a bucket with, at the bare minimum, the permission to write objects; this can also be done from the GUI or the CLI
- Create a key for the user that will be used to upload the objects; it is important to note that:
  - The username is the one indicated in the interface, not the one from the file system or provider (e.g. here, the admin user is the 1_admin_accid S3 user)
  - The key is only displayed upon creation, and it is not possible to get it back afterwards; be sure to copy it right away
Now that PowerScale is ready, we can proceed with the Velero deployment.
Velero installation
We assume that the Velero binary is installed and has access to the Kubernetes cluster. If not, please refer to the official doc for the deployment.
The steps to configure Velero are :
- Create a file with the credentials obtained before from PowerScale
    $ cat ~/credentials-velero
    [default]
    aws_access_key_id = 1_admin_accid
    aws_secret_access_key = 0sncWaAsVWycj4LFTPnxi2k8RPdi
- Optionally, obtain the PowerScale SSL certificate. In our case, the HTTPS endpoint uses a self-signed certificate, so we have to get it and pass it to Velero. Note that we could use the HTTP protocol instead and skip that step, at the cost of the data transiting in plain text. For more information on self-signed certificates in the context of Velero, you can check https://velero.io/docs/v1.9/self-signed-certificates/
- Install Velero itself. We use a method similar to what you would do with a provider like MinIO
    $ velero install \
        --provider aws \
        --plugins velero/velero-plugin-for-aws:v1.5.1 \
        --bucket velero-backup \
        --secret-file ./credentials-velero \
        --use-volume-snapshots=false \
        --cacert ./ps2-cacert.pem \
        --backup-location-config region=powerscale,s3ForcePathStyle="true",s3Url=https://192.168.1.21:9021
The above command shows the simplest secure way to use Velero.
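The checks below are an added example, not part of the original article nor of Velero or PowerScale tooling: they verify that the credentials file is private and well formed, and keep the self-signed certificate only if it matches a fingerprint read out-of-band, before either file is handed to velero install. The function names and the out-of-band fingerprint workflow are assumptions; the expected fingerprint must be in the colon-separated form that openssl prints.

```shell
# Added example: pre-flight checks for the files passed to `velero install`.
# Function names and the pinned-fingerprint workflow are assumptions.

# Fail unless the credentials file is private to its owner and has both keys
# in the [default] profile (the layout of ~/credentials-velero above).
check_credentials_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # Characters 5-10 of `ls -l` are the group/other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "$f is accessible by group/other; run: chmod 600 $f" >&2; return 1; }
    awk '
        /^\[/ { in_default = ($0 == "[default]") }
        in_default && /^aws_access_key_id[ \t]*=[ \t]*[^ \t]/     { id = 1 }
        in_default && /^aws_secret_access_key[ \t]*=[ \t]*[^ \t]/ { key = 1 }
        END { exit !(id && key) }' "$f" ||
        { echo "$f: [default] needs both aws_* keys" >&2; return 1; }
}

# Print only the first PEM certificate (the server's own) read from stdin,
# e.g. from the output of `openssl s_client -showcerts`.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Fetch the endpoint certificate and keep it only if its SHA-256 fingerprint
# equals the one read out-of-band from the PowerScale side.
# usage: fetch_pinned_cert 192.168.1.21:9021 '<expected fingerprint>' ./ps2-cacert.pem
fetch_pinned_cert() {
    endpoint=$1 expected=$2 out=$3
    tmp=$(mktemp) || return 1
    openssl s_client -connect "$endpoint" -showcerts </dev/null 2>/dev/null |
        extract_leaf_pem >"$tmp"
    got=$(openssl x509 -in "$tmp" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2)
    if [ -n "$got" ] && [ "$got" = "$expected" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"; echo "fingerprint mismatch: got '$got'" >&2; return 1
    fi
}
```

Fetching a self-signed certificate over the network without comparing its fingerprint amounts to trusting whoever answers on that port, which is why fetch_pinned_cert refuses to write the file on a mismatch.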
It is possible to add parameters to enable protection with snapshots. Every Dell CSI driver has snapshot support; to take advantage of it, the install command is the same with the addition of:
velero install \
--features=EnableCSI \
--plugins=velero/velero-plugin-for-aws:v1.5.1,velero/velero-plugin-for-csi:v0.3.0 \
--use-volume-snapshots=true
...
And for Restic, add --use-restic.
You can also note that we are using the velero/velero-plugin-for-aws:v1.5.1 image, which is the latest available at the time of the publication of this article. You can obtain the current version from the GitHub repo: https://github.com/vmware-tanzu/velero-plugin-for-aws
After the installation is done, you can check that everything is correct with: kubectl logs -n velero deployment/velero. If you have an error with the certificates, you should see it quickly.
You can now back up and restore your Kubernetes resources with the usual Velero commands.
You can check the actual content directly from PowerScale File Explorer :
Demo ! TODO
Conclusion
For small and easy protection of Kubernetes clusters, Velero and PowerScale S3 are a perfect duo. If you are looking for broader features (amount of data, more destinations, going beyond Kubernetes), the state-of-the-art Dell data protection solution is PowerProtect Data Manager.
Interestingly, Dell PPDM participates in the Velero ecosystem ;-)