Heptio Ark is now Velero! As I’ve already written HERE, I thought I’d give an update to the slightly different installation of Heptio Velero.

This is going to be more of a cliff notes blog, as the previous blog has a lot of information I’d rather not repeat in this one. So here we go.

• https://heptio.com/
• https://github.com/heptio/velero
• https://github.com/heptio/velero/releases

Install Client

Option 1

I got an error, but I assume it will work in the future.

brew install velero

Error

brew install velero
 Error: No available formula with the name "velero"
 ==> Searching for a previously deleted formula (in the last month)…
 Warning: homebrew/core is shallow clone. To get complete history run:
   git -C "$(brew --repo homebrew/core)" fetch --unshallow
 Error: No previously deleted formula found.
 ==> Searching for similarly named formulae…
 Error: No similarly named formulae found.
 ==> Searching taps…
 ==> Searching taps on GitHub…
 Error: No formulae found in taps.

Option 2

View latest release https://github.com/heptio/velero/releases.

The following commands downloads the Velero binary and copies it to /usr/local/bin.

{
  VERSION=v0.11.0
  OS=$(uname | tr '[:upper:]' '[:lower:]')
  ARCH=amd64
  curl -L https://github.com/heptio/velero/releases/download/$VERSION/velero-$VERSION-$OS-$ARCH.tar.gz \
    -o velero-$VERSION-$OS-$ARCH.tar.gz
  tar -zxvf velero-$VERSION-$OS-$ARCH.tar.gz velero
  chmod +x ./velero
  sudo mv ./velero /usr/local/bin/velero
  rm -rf velero-$VERSION-$OS-$ARCH.tar.gz
}

Install Server

• https://github.com/heptio/velero/releases # latest version

Download the config directory, which holds all the files required to install velero onto your cluster.

The following commands creates a directory called heptio-velero and downloads the config directory into it (keeps things more organized).

{
  VERSION=v0.11.0
  OS=$(uname | tr '[:upper:]' '[:lower:]')
  ARCH=amd64
  mkdir heptio-velero && cd heptio-velero
  curl -L https://github.com/heptio/velero/releases/download/$VERSION/velero-$VERSION-$OS-$ARCH.tar.gz \
    -o velero-$VERSION-$OS-$ARCH.tar.gz
  tar -zxvf velero-$VERSION-$OS-$ARCH.tar.gz config
  rm -rf velero-$VERSION-$OS-$ARCH.tar.gz
}

Run on GCP

Create GCS bucket

BUCKET=[YOUR_BUCKET]

Create service account

Store the project value from the results in the environment variable $PROJECT_ID.

PROJECT_ID=$(gcloud config get-value project)

Create service account.

gcloud iam service-accounts create velero \
  --display-name "Velero service account"

Set the $SERVICE_ACCOUNT_EMAIL variable to match its email value.

SERVICE_ACCOUNT_EMAIL=velero@ace-element-175818.iam.gserviceaccount.com

Attach policies to give Velero the necessary permissions to function:

A

ROLE_PERMISSIONS=(
 compute.disks.get
 compute.disks.create
 compute.disks.createSnapshot
 compute.snapshots.get
 compute.snapshots.create
 compute.snapshots.useReadOnly
 compute.snapshots.delete
 compute.projects.get
)

B

gcloud iam roles create velero.server \
  --project $PROJECT_ID \
  --title "Velero Server" \
  --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"

C

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
  --role projects/$PROJECT_ID/roles/velero.server

D

gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}

Create a service account key, specifying an output file (credentials-velero) in your local directory:

Note: This will download the file credentials-velero to your localhost.

gcloud iam service-accounts keys create credentials-velero \
  --iam-account $SERVICE_ACCOUNT_EMAIL

Credentials and configuration

Prereqs

kubectl apply -f config/common/00-prereqs.yaml

Create a Secret

kubectl create secret generic cloud-credentials \
  --namespace velero \
  --from-file cloud=credentials-velero

Start the server

{
  kubectl apply -f config/gcp/05-backupstoragelocation.yaml
  kubectl apply -f config/gcp/06-volumesnapshotlocation.yaml
  kubectl apply -f config/gcp/10-deployment.yaml
}

Testing

I’m using namespace itsmetommy-test to test backup situations.

# create namespace
kubectl create ns itsmetommy-test

# create a deployment
kubectl create deployment nginx --image=nginx -n itsmetommy-test

# confirm deployment
kubectl get deploy -n itsmetommy-test

velero backup create itsmetommy-test-ns --include-namespaces itsmetommy-test --snapshot-volumes

# confirm backup
velero get backups

# simulate disaster
kubectl delete ns itsmetommy-test

# confirm namespace is gone
k get ns itsmetommy-test

# restore
velero restore create --from-backup itsmetommy-test-ns

# confirm restore
velero get restores

# confirm deployment restored
kubectl get deploy -n itsmetommy-test

# clean up
{
  kubectl delete ns itsmetommy-test-ns
  sleep 60
  velero backup delete itsmetommy-test-ns
}