VMware recently released Velero v1.4 with features supporting CSI snapshotter APIs which are also supported by the Pure Storage® Pure Service Orchestrator™ (PSO).
Let’s examine what your environment needs to look like to get the most out of your PSO and Velero integration.
First, you’ll need a Kubernetes cluster of v1.17.4 or higher where the snapshotter API v1beta1 is implemented. You’ll also need a version of PSO that fully supports this API version.
Here’s where the sneak peek comes in: You’ll need to wait for PSO 6.0 to ship before implementing this integration. (It’ll be out in the coming weeks.) In the examples below, I’m using PSO 6.0.0-rc2.
From an infrastructure perspective, I’m using a single FlashArray managed by PSO and have a standalone FlashBlade that will serve as a Velero backup location.
Before we get into the details of Velero, we need to set up our FlashBlade as a storage location for the Velero backups. This location holds only the backup of the application and metadata. The persistent volume backups are kept on the underlying FlashArray storage, utilising the CSI snapshot APIs.
All you need on the FlashBlade is an object bucket and the appropriate access key and secret—you’ll need this information to configure the Velero credentials.
Next, you’ll need to create an account, user, and bucket on a FlashBlade that exposes the access key and secret. Use the following simple Ansible playbook, and change the account, user, and bucket names to your preferred values.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
– name: Pure Storage object module examples hosts: localhost collections: – purestorage.flashblade tasks: – name: Create s3 account purefb_s3acc: name: velero fb_url: <your FB management VIP> api_token: <your FB API token> – name: Create s3 user purefb_s3user: name: velero account: velero fb_url: <your FB management VIP> api_token: <your FB API token> register: user_info – debug: msg: “{{ user_info }}” – name: Create bucket purefb_bucket: name: velero–storage account: velero fb_url: <your FB management VIP> api_token: <your FB API token> |
Use your user access details to create a credentials file on the node where you’re going to install Velero. I’ve created a file called velero-credentials.txt
:
1 2 3 4 |
[default] aws_access_key_id=PSFBSAZRGHJNABLGBLNCGHIFNAEEGONFAMFAJPOPO aws_secret_access_key=0E21905C5de6440+4636+459D1267f4bd9520LBKK aws_region=us–west–2 |
Notice that an aws_region is specified even though we’re using a FlashBlade as the target for the backups. At the moment, Velero requires this parameter even if you’re not using AWS, so just populate it with any region name.
Installing Velero CLI is incredibly simple. Just get the latest Velero release tarball, extract this, and move the velero binary to somewhere in your $PATH
, for example /usr/local/bin
.
Now that you have the Velero binary, you can install Velero and configure it to use the PSO CSI driver to manage the persistent volume snapshots and to use the FlashBlade as the target device for the backup objects.
The command is a little long, but worth it…
1 2 3 4 5 6 7 8 9 |
velero install \ —provider aws \ —bucket <your bucket name> \ —secret–file <credentials filename> \ —features=EnableCSI \ —image velero/velero:v1.4.0 \ —plugins=velero/velero–plugin–for–aws:v1.1.0,velero/velero–plugin–for–csi:v0.1.0 \ —backup–location–config region=default,s3ForcePathStyle=“true”,s3Url=https://<FB Data VIP>,insecureSkipTLSVerify=true \ —snapshot–location–config region=<same as region in credentials file> |
Notice that some of these parameters seem a little AWS-S3 related—that’s just a feature of the way Velero implements.
It’ll take a short time to initialize, but once complete, you can check to make sure there are no errors by running kubectl logs deployment/velero -n velero
.
All complete. Now check out this video to see how to perform backups and restores.
I hope you enjoyed this blog post and video.
Expect to see more backup integrations between PSO and Velero and other Kubernetes DR-solution providers in the future. And keep an eye out for the latest PSO release—coming soon.