$ oc get backupStorageLocations
You back up applications by creating a Backup
custom resource (CR).
The Backup
CR creates backup files for Kubernetes resources and internal images, on S3 object storage, and snapshots for persistent volumes (PVs), if the cloud provider uses a native snapshot API or the Container Storage Interface (CSI) to create snapshots, such as OpenShift Data Foundation 4. For more information, see CSI volume snapshots.
The For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/. |
If your cloud provider has a native snapshot API or supports Container Storage Interface (CSI) snapshots, the Backup
CR backs up persistent volumes by creating snapshots. For more information, see the Overview of CSI volume snapshots in the OpenShift Container Platform documentation.
If your cloud provider does not support snapshots or if your applications are on NFS data volumes, you can create backups by using Restic.
You can create backup hooks to run commands before or after the backup operation.
You can schedule backups by creating a Schedule
CR instead of a Backup
CR.
You back up Kubernetes images, internal images, and persistent volumes (PVs) by creating a Backup
custom resource (CR).
You must install the OpenShift API for Data Protection (OADP) Operator.
The DataProtectionApplication
CR must be in a Ready
state.
Backup location prerequisites:
You must have S3 object storage configured for Velero.
You must have a backup location configured in the DataProtectionApplication
CR.
Snapshot location prerequisites:
Your cloud provider must have a native snapshot API or support Container Storage Interface (CSI) snapshots.
For CSI snapshots, you must create a VolumeSnapshotClass
CR to register the CSI driver.
You must have a volume location configured in the DataProtectionApplication
CR.
Retrieve the backupStorageLocations
CRs:
$ oc get backupStorageLocations
NAME PHASE LAST VALIDATED AGE DEFAULT
velero-sample-1 Available 11s 31m
Create a Backup
CR, as in the following example:
apiVersion: velero.io/v1
kind: Backup
metadata:
name: <backup>
labels:
velero.io/storage-location: default
namespace: openshift-adp
spec:
hooks: {}
includedNamespaces:
- <namespace> (1)
storageLocation: <velero-sample-1> (2)
ttl: 720h0m0s
1 | Specify an array of namespaces to back up. |
2 | Specify the name of the backupStorageLocations CR. |
Verify that the status of the Backup
CR is Completed
:
$ oc get backup -n openshift-adp <backup> -o jsonpath='{.status.phase}'
You back up persistent volumes with Container Storage Interface (CSI) snapshots by editing the VolumeSnapshotClass
custom resource (CR) of the cloud storage before you create the Backup
CR.
The cloud provider must support CSI snapshots.
You must enable CSI in the DataProtectionApplication
CR.
Add the metadata.labels.velero.io/csi-volumesnapshot-class: "true"
key-value pair to the VolumeSnapshotClass
CR:
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: <volume_snapshot_class_name>
labels:
velero.io/csi-volumesnapshot-class: "true"
driver: <csi_driver>
deletionPolicy: Retain
You can now create a Backup
CR.
The OADP 1.1 Data Mover enables customers to back up CSI volume snapshots to a remote object store and to restore stateful applications from the store in the event of a failure, accidental deletion or corruption of the cluster. The OADP 1.1 Data Mover solution uses the Restic option of VolSync.
Data Mover is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/. |
Data Mover supports backup and restore of CSI volume snapshots only. Currently, Data Mover does not support Google Cloud Storage (GCS) buckets. |
The StorageClass
and VolumeSnapshotClass
CRs support CSI.
Only one volumeSnapshotClass
CR has the annotation snapshot.storage.kubernetes.io/is-default-class: true
.
Only one storageClass
CR has the annotation storageclass.kubernetes.io/is-default-class: true
.
Include the label velero.io/csi-volumesnapshot-class: 'true'
in your VolumeSnapshotClass
CR to indicate for Velero which to use.
Install the VolSync Operator using the Operator Lifecycle Manager (OLM).
The VolSync operator is required only for use with the Technology Preview Data Mover. The operator is not required for using OADP GA features. |
Install the OADP operator using OLM.
Configure a Restic secret:
$ cat << EOF > ./restic-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: <secret-name>
namespace: openshift-adp
type: Opaque
stringData:
# The repository encryption key
RESTIC_PASSWORD: <secure-restic-password>
EOF
By default, the operator looks for a secret named |
Create a DPA similar to the following example. Note that defaultPlugins
includes CSI.
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
name: velero-sample
namespace: openshift-adp
spec:
features:
dataMover:
enable: true
credentialName: <secret-name> (1)
backupLocations:
- velero:
config:
profile: default
region: us-east-1
credential:
key: cloud
name: cloud-credentials
default: true
objectStorage:
bucket: <bucket-name>
prefix: <bucket-prefix>
provider: aws
configuration:
restic:
enable: <true or false>
velero:
defaultPlugins:
- openshift
- aws
- csi
1 | Add the Restic secret name from the previous step. If this is not done, the default secret name dm-credential is used. |
The OADP operator installs two custom resource definitions (CRDs), VolumeSnapshotBackup
and VolumeSnapshotRestore
.
VolumeSnapshotBackup
CRapiVersion: datamover.oadp.openshift.io/v1alpha1
kind: VolumeSnapshotBackup
metadata:
name: <vsb-name>
namespace: <namespace-name> (1)
spec:
volumeSnapshotContent:
name: <snapcontent-name>
protectedNamespace: <adp-namespace>
resticSecretRef:
name: <restic-secret-name>
1 | Specify the namespace where the volume snapshot resides. |
VolumeSnapshotRestore
CRapiVersion: datamover.oadp.openshift.io/v1alpha1
kind: VolumeSnapshotRestore
metadata:
name: <vsr-name>
namespace: <namespace-name> (1)
spec:
protectedNamespace: <protected-ns> (2)
resticSecretRef:
name: <restic-secret-name>
volumeSnapshotMoverBackupRef:
sourcePVCData:
name: <source-pvc-name>
size: <source-pvc-size>
resticrepository: <your-restic-repo>
volumeSnapshotClassName: <vsclass-name>
1 | Specify the namespace where the volume snapshot resides. |
2 | Specify the namespace where the operator is installed. The default is openshift-adp . |
To back up a snapshot, do the following:
Create a backup CR:
apiVersion: velero.io/v1
kind: Backup
metadata:
name: <backup-name>
namespace: <protected-ns> (1)
spec:
includedNamespaces:
- <app-ns>
storageLocation: velero-sample-1
1 | Specify the namespace where the operator is installed. The default is openshift-adp . |
Wait several minutes and check whether the VolumeSnapshotBackup CR status is Completed
:
`oc get vsb -n <app-ns>`
`oc get vsb <vsb-name> -n <app-ns> -ojsonpath="{.status.phase}`
A snapshot appears in the object store that was specified in the restic secret.
To restore a snapshot, do the following:
Delete the application namespace and the volumeSnapshotContent
that was created by the Velero CSI plug-in.
Create a restore CR, set restorePVs
to true
.
apiVersion: velero.io/v1
kind: Restore
metadata:
name: <restore-name>
namespace: <protected-ns>
spec:
backupName: <previous-backup-name>
restorePVs: true
Wait several minutes and check whether the VolumeSnapshotRestore CR status is `Completed`S:
oc get vsr -n <app-ns>
oc get vsr <vsr-name> -n <app-ns> -ojsonpath="{.status.phase}
Check that your application data has been restored:
oc get route <route-name> -n <app-ns> -ojsonpath="{.spec.host}"
You create backup hooks to run commands in a container in a pod by editing the Backup
custom resource (CR).
Pre hooks run before the pod is backed up. Post hooks run after the backup.
Add a hook to the spec.hooks
block of the Backup
CR, as in the following example:
apiVersion: velero.io/v1
kind: Backup
metadata:
name: <backup>
namespace: openshift-adp
spec:
hooks:
resources:
- name: <hook_name>
includedNamespaces:
- <namespace> (1)
excludedNamespaces:
- <namespace>
includedResources:
- pods (2)
excludedResources: []
labelSelector: (3)
matchLabels:
app: velero
component: server
pre: (4)
- exec:
container: <container> (5)
command:
- /bin/uname (6)
- -a
onError: Fail (7)
timeout: 30s (8)
post: (9)
...
1 | Array of namespaces to which the hook applies. If this value is not specified, the hook applies to all namespaces. |
2 | Currently, pods are the only supported resource. |
3 | Optional: This hook only applies to objects matching the label selector. |
4 | Array of hooks to run before the backup. |
5 | Optional: If the container is not specified, the command runs in the first container in the pod. |
6 | Array of commands that the hook runs. |
7 | Allowed values for error handling are Fail and Continue . The default is Fail . |
8 | Optional: How long to wait for the commands to run. The default is 30s . |
9 | This block defines an array of hooks to run after the backup, with the same parameters as the pre-backup hooks. |
You schedule backups by creating a Schedule
custom resource (CR) instead of a Backup
CR.
You must install the OpenShift API for Data Protection (OADP) Operator.
The DataProtectionApplication
CR must be in a Ready
state.
Retrieve the backupStorageLocations
CRs:
$ oc get backupStorageLocations
NAME PHASE LAST VALIDATED AGE DEFAULT
velero-sample-1 Available 11s 31m
Create a Schedule
CR, as in the following example:
$ cat << EOF | oc apply -f -
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: <schedule>
namespace: openshift-adp
spec:
schedule: 0 7 * * * (1)
template:
hooks: {}
includedNamespaces:
- <namespace> (2)
storageLocation: <velero-sample-1> (3)
defaultVolumesToRestic: true (4)
ttl: 720h0m0s
EOF
1 | cron expression to schedule the backup, for example, 0 7 * * * to perform a backup every day at 7:00. |
2 | Array of namespaces to back up. |
3 | Name of the backupStorageLocations CR. |
4 | Optional: Add the defaultVolumesToRestic: true key-value pair if you are backing up volumes with Restic. |
Verify that the status of the Schedule
CR is Completed
after the scheduled backup runs:
$ oc get schedule -n openshift-adp <schedule> -o jsonpath='{.status.phase}'