Velero Azure Cluster Installation
The following instructions are based on the Velero Plugin for Microsoft Azure instructions.
These steps assume the user has installed the Azure Command-Line Interface (CLI) and has the necessary permissions to perform the steps below.
The following items are required to create the Velero bucket via a Microsoft Azure Storage Container:
- Resource Group: The resource group that the storage container belongs to. It is recommended to either use the same Resource Group as the Azure Kubernetes cluster hosting the Wallaroo instance, or create a Resource Group in the same Azure location.
- Resource Group Location: The Azure location for the resource group.
- Azure Storage Account ID: Used to manage the storage container settings.
- Azure Storage Container Name: The name of the container being used.
- Azure Kubernetes Cluster Name: The name of the Azure Kubernetes Cluster hosting the Wallaroo instance.
- Create Azure Storage Account Access Key: This step sets a method for the Velero service to authenticate with Azure to create the backup and restore jobs. Velero recommends different options in its Velero Plugin for Microsoft Azure Set permissions for Velero documentation. The steps below will cover using a storage account access key.
If these elements are available, then skip straight to the Install Velero In the Wallaroo Azure Kubernetes Cluster step.
Get Azure Subscription ID
To retrieve the Azure Subscription ID:
- Log in to Microsoft Azure.
- From the search bar, search for Subscription.
- From the Subscriptions Dashboard, select the Subscription ID to be used and store it for later use.
Create Azure Resource Group
To create the Azure Resource Group, use the following command, replacing the variables $AZURE_VELERO_RESOURCE_GROUP and $AZURE_LOCATION with your organization’s requirements.
- IMPORTANT NOTE: This resource group must be in the same Azure subscription as the Subscription ID retrieved in Get Azure Subscription ID above.
az group create -n $AZURE_VELERO_RESOURCE_GROUP --location $AZURE_LOCATION
Create Azure Storage Account
To create the Azure Storage Account, the Azure Storage Account ID must be composed of only lower case alphanumeric characters and - and ., with the ID beginning or ending in an alphanumeric character. So velero-backup-account is appropriate, while VELERO_BACKUP is not. Update the variables $AZURE_VELERO_RESOURCE_GROUP and $AZURE_STORAGE_ACCOUNT_ID with your organization’s requirements.
AZURE_STORAGE_ACCOUNT_ID="wallaroovelerostorage"
az storage account create \
--name $AZURE_STORAGE_ACCOUNT_ID \
--resource-group $AZURE_VELERO_RESOURCE_GROUP \
--sku Standard_GRS \
--encryption-services blob \
--https-only true \
--min-tls-version TLS1_2 \
--kind BlobStorage \
--access-tier Hot
Create Azure Storage Container
Use the following command to create the Azure Storage Container for use by the Velero service. Replace the BLOB_CONTAINER variable with your organization’s requirements. Note that this new container should have a unique name.
BLOB_CONTAINER=velero
az storage container create -n $BLOB_CONTAINER --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID
Create Azure Storage Account Access Key
This step sets a method for the Velero service to authenticate with Azure to create the backup and restore jobs. Velero recommends different options in its Velero Plugin for Microsoft Azure Set permissions for Velero documentation. Organizations are encouraged to use the method that aligns with their security requirements.
The steps below will cover using a storage account access key.
Set the default resource group to the same one used for the Velero Resource Group in the step Create Azure Resource Group.
az configure --defaults group=$AZURE_VELERO_RESOURCE_GROUP
Retrieve the Azure Storage Account Access Key using the $AZURE_STORAGE_ACCOUNT_ID created in the step Create Azure Storage Account. Store this key in a secure location.
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=$(az storage account keys list --account-name $AZURE_STORAGE_ACCOUNT_ID --query "[?keyName == 'key1'].value" -o tsv)
Store the name of the Azure Kubernetes cluster hosting the Wallaroo instance as $AZURE_CLOUD_NAME and the $AZURE_STORAGE_ACCOUNT_ACCESS_KEY into a secret key file. The following command will store it in the location ~/.credentials-velero-azure:
cat << EOF > ~/.credentials-velero-azure
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_STORAGE_ACCOUNT_ACCESS_KEY}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
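An added example, not part of the original instructions or of Velero: shell functions that write ~/.credentials-velero-azure with owner-only permissions and refuse an empty access key, which is what the variable holds when the az storage account keys list command fails. The function names write_velero_credentials and check_velero_credentials are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: write and verify the Velero credentials file without exposing the key.

# write_velero_credentials FILE KEY [CLOUD]
# Refuses an empty key (what a failed `az storage account keys list` leaves
# in the variable) and creates the file readable by the owner only.
write_velero_credentials() {
  local file="$1" key="$2" cloud="${3:-AzurePublicCloud}"
  if [ -z "$key" ]; then
    echo "access key is empty; check the az keys list step" >&2
    return 1
  fi
  (
    umask 077                      # new file is created as 0600
    rm -f -- "$file"               # drop any older copy with looser permissions
    printf 'AZURE_STORAGE_ACCOUNT_ACCESS_KEY=%s\nAZURE_CLOUD_NAME=%s\n' \
      "$key" "$cloud" > "$file"
  )
}

# check_velero_credentials FILE
# Returns 0 only if FILE has both variables set and no group/other access.
check_velero_credentials() {
  local file="$1" perms
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  perms=$(ls -ld -- "$file" | cut -c5-10)   # group and other permission bits
  if [ "$perms" != "------" ]; then
    echo "$file is accessible to group/other; run chmod 600" >&2
    return 1
  fi
  grep -q '^AZURE_STORAGE_ACCOUNT_ACCESS_KEY=.' "$file" || {
    echo "AZURE_STORAGE_ACCOUNT_ACCESS_KEY is empty or missing" >&2; return 1; }
  grep -q '^AZURE_CLOUD_NAME=.' "$file" || {
    echo "AZURE_CLOUD_NAME is empty or missing" >&2; return 1; }
}
```

Call write_velero_credentials ~/.credentials-velero-azure "$AZURE_STORAGE_ACCOUNT_ACCESS_KEY" in place of the heredoc, then check_velero_credentials ~/.credentials-velero-azure before running velero install.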
Install Velero In the Wallaroo Azure Kubernetes Cluster
This step will install the Velero service into the Azure Kubernetes Cluster hosting the Wallaroo instance using the variables from the steps above.
Install the Velero service into the cluster with the following command:
velero install \
--provider azure \
--plugins velero/velero-plugin-for-microsoft-azure:v1.6.0 \
--bucket $BLOB_CONTAINER \
--secret-file ~/.credentials-velero-azure \
--backup-location-config storageAccount=$AZURE_STORAGE_ACCOUNT_ID,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY \
--use-volume-snapshots=false \
--use-node-agent --wait
Once complete, verify the installation by checking for the velero namespace in the Kubernetes cluster:
kubectl get namespaces
NAME              STATUS   AGE
default           Active   222d
kube-node-lease   Active   222d
kube-public       Active   222d
kube-system       Active   222d
velero            Active   5m32s
wallaroo          Active   7d23h
To view the logs for the Velero service installation, use the command kubectl logs deployment/velero -n velero.
If using Kubernetes taints and tolerations for the Wallaroo installation, update the velero namespace to accept all pods:
kubectl -n velero patch ds node-agent -p='{"spec": {"template": {"spec": {"tolerations":[{"operator": "Exists"}]}}}}'