Backup/Restore with Velero on vSphere

velero icon


Velero Providers

  1. Restic: Restic is a popular open-source tool and because is not tied to a specific storage platform, it gives you some flexilibity to migrate data between different cloud providers. It has some limitations too though which you can read here
  2. vSphere plugin: vSphere has its own volume snapshot plugin: velero-plugin-for-vsphere. This plugin backups kubernetes persistent volumes to a S3 bucket.
  3. CSI VolumeSnapshots: Container Storage Interface (CSI) has been promoted to GA in the Kubernetes v1.13 release and features that rely on CSI are being added to Kubernetes. One such feature is called Volume Snaphots and this feature has been in beta state as of Kubernetes v1.17. In order to use this plugin, you have to make sure that CSI is configured correctly for storage provider of your kubernetes cluster e.g. if you use TKGI(Tanzu Kubernetes Grid Integrate), you can follow the steps explained here. As of 18.11.2020 CSI Volume Snapshots is not supported by vsphere-csi-driver; here is a relevant issue.

Velero in action

1) Velero with Restic

  • Install Velero with Restic enabled
  • Create a test application with a Persistent Volume
  • Create a backup of the application
  • Delete the application
  • Restore the application from the backup

Create namespace velero

kubectl create ns velero

Create a Kubernetes secret for a AWS S3 bucket

kubectl -n velero create secret generic cloud-credentials --from-file=cloud=creds.txt

Install velero with Restic

helm repo add vmware-tanzu
helm install velero vmware-tanzu/velero -f values.yaml \
-n velero --version 2.13.6 \
--set configuration.backupStorageLocation.bucket=<your-bucket> \
--set configuration.backupStorageLocation.config.region=<aws-region> \
--set configuration.backupStorageLocation.prefix=<some-prefix> \
--set restic.podVolumePath=/var/lib/kubelet/pods \
--set restic.privileged=true

Create a backup && restore

annotations: nginx-logs
# Create application resources
kubectl apply -f example-app-with-pv.yaml
kubectl -n example-app get pods -w # wait till pod is running
# Write some data into persistent volume(PV)
kubectl -n example-app exec -it "$(kubectl get pods -n example-app -o name)" -- bash -c "echo 'I persisted' > /opt/my-pvc/hi.txt"
# Check if data has persisted into PV
kubectl -n example-app exec -it "$(kubectl get pods -n example-app -o name)" -- bash -c "cat /opt/my-pvc/hi.txt"
# Start velero backup
velero backup create backup1 --include-namespaces example-app --storage-location aws --snapshot-volumes
# Delete application
kubectl delete namespaces example-app
# Make sure PV is gone
kubectl get pv -A | grep my-pvc #check no pv
# Restore the latest backup
velero restore create --from-backup backup1
kubectl get pods -n example-app # wait till pod is running
# Check if data has been restored
kubectl -n example-app exec -it "$(kubectl get pods -n example-app -o name)" -- bash -c "cat /opt/my-pvc/hi.txt"


kubectl delete ns velero
kubectl delete ns example-app

2) vSphere plugin

3) CSI Volume VolumeSnapshots



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Murat Celep

Murat Celep

Murat currently works at VMware Tanzu Labs. Ex-Red Hatter. These days he focuses on Kubernetes, CI/CD, PaaS, CaaS, Cloud-native Software.