The following instructions are based on the Velero Plugin for Microsoft Azure instructions.
These steps assume the user has installed the Azure Command-Line Interface (CLI) and has the necessary permissions to perform the steps below.
The following items are required to create the Velero bucket via a Microsoft Azure Storage Container:
If these elements are available, then skip straight to the Install Velero In the Wallaroo Azure Kubernetes Cluster step.
To retrieve the Azure Subscription ID:
To create the Azure Resource Group, use the following command, replacing the variables $AZURE_VELERO_RESOURCE_GROUP
and $AZURE_LOCATION
with your organization’s requirements.
az group create -n $AZURE_VELERO_RESOURCE_GROUP --location $AZURE_LOCATION
To create the Azure Storage Account, the Azure Storage Account ID must be composed of only lower case alphanumeric characters and -
and .
, with the ID beginning or ending in an alphanumeric character. So velero-backup-account
is appropriate, while VELERO_BACKUP
will not. Update the variables $AZURE_VELERO_RESOURCE_GROUP
and $AZURE_STORAGE_ACCOUNT_ID
with your organization’s requirements.
AZURE_STORAGE_ACCOUNT_ID="wallaroo_velero_storage"
az storage account create \
--name $AZURE_STORAGE_ACCOUNT_ID \
--resource-group $AZURE_VELERO_RESOURCE_GROUP \
--sku Standard_GRS \
--encryption-services blob \
--https-only true \
--min-tls-version TLS1_2 \
--kind BlobStorage \
--access-tier Hot
Use the following command to create the Azure Storage Container for use by the Velero service. Replace the BLOB_CONTAINER
variable with your organization’s requirements. Note that this new container should have a unique name.
BLOB_CONTAINER=velero
az storage container create -n $BLOB_CONTAINER --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID
This step sets a method for the Velero service to authenticate with Azure to create the backup and restore jobs. Velero recommends different options in its Velero Plugin for Microsoft Azure Set permissions for Velero documentation. Organizations are encouraged to use the method that aligns with their security requirements.
The steps below will cover using a storage account access key.
Set the default resource group to the same one used for the Valero Resource Group in the step Create Azure Resource Group.
az configure --defaults group=$AZURE_VELERO_RESOURCE_GROUP
Retrieve the Azure Storage Account Access Key using the $AZURE_STORAGE_ACCOUNT_ID
created in the step Create Azure Storage Account. Store this key in a secure location.
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=`az storage account keys list --account-name $AZURE_STORAGE_ACCOUNT_ID --query "[?keyName == 'key1'].value" -o tsv`
Store the name of the Azure Kubernetes cluster hosting the Wallaroo instance as $AZURE_CLOUD_NAME
and the $AZURE_STORAGE_ACCOUNT_ACCESS_KEY
into a secret key file. The following command will store it in the location ~/.credentials-velero-azure
:
cat << EOF > ~/.credentials-velero-azure
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_STORAGE_ACCOUNT_ACCESS_KEY}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
This step will install the Velero service into the Azure Kubernetes Cluster hosting the Wallaroo instance using the variables from the steps above.
Install the Velero service into the cluster with the following command:
velero install \
--provider azure \
--plugins velero/velero-plugin-for-microsoft-azure:v1.6.0 \
--bucket $BLOB_CONTAINER \
--secret-file ~/.credentials-velero-azure \
--backup-location-config storageAccount=$AZURE_STORAGE_ACCOUNT_ID,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY \
--use-volume-snapshots=false \
--use-node-agent --wait
Once complete, verify the installation is complete by checking for the velero
namespace in the Kubernetes cluster:
kubectl get namespaces
NAME STATUS AGE
default Active 222d
kube-node-lease Active 222d
kube-public Active 222d
kube-system Active 222d
velero Active 5m32s
wallaroo Active 7d23h
To view the logs for the Velero service installation, use the command kubectl logs deployment/velero -n velero
.
If using Kubernetes taints and tolerations for the Wallaroo installation, update the velero
namespace to accept all pods:
kubectl -n velero patch ds node-agent -p='{"spec": {"template": {"spec": {"tolerations":[{"operator": "Exists"}]}}}}'