CLI SNIPPETS
velero backup-location get
velero backup create metricbeat --include-namespaces metricbeat
velero restore create nginx --from-backup nginx-backup5
kubectl get volumesnapshotlocations.velero.io -A
kubectl delete volumesnapshotlocation artifacts -n veleroDEPLOYMENT
helm repo add tanzu https://vmware-tanzu.github.io/helm-charts
helm repo updateINGRESS_HOSTNAME_MINIO: artifacts
INGRESS_DOMAIN_MINIO: texas.sthings-vsphere.labul.sva.de
MINIO_ADMIN_USER=sthings
MINIO_ADMIN_PASSWORD=<SECRET>
CA_BUNDLE=<CA_BUNDLE>
cat <<EOF > velero.yaml
deployNodeAgent: true
credentials:
useSecret: true
name: minio
secretContents:
cloud: |
[default]
aws_access_key_id=${MINIO_ADMIN_USER}
aws_secret_access_key=${MINIO_ADMIN_PASSWORD}
configuration:
features: EnableCSI
backupStorageLocation:
- name: default
provider: aws
bucket: velero
default: true
caCert: ${CA_BUNDLE}
config:
region: minio
s3ForcePathStyle: true
s3Url: https://${INGRESS_HOSTNAME_MINIO}.${INGRESS_DOMAIN_MINIO}
publicUrl: https://${INGRESS_HOSTNAME_MINIO}.${INGRESS_DOMAIN_MINIO}
volumeSnapshotLocation:
- name: artifacts
provider: aws
bucket: velero
default: true
caCert: ${CA_BUNDLE}
config:
region: minio
s3ForcePathStyle: true
s3Url: https://${INGRESS_HOSTNAME_MINIO}.${INGRESS_DOMAIN_MINIO}
publicUrl: https://${INGRESS_HOSTNAME_MINIO}.${INGRESS_DOMAIN_MINIO}
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.9.0
volumeMounts:
- mountPath: /target
name: plugins
EOFhelm upgrade --install velero tanzu/velero --version 5.4.1 --values velero.yaml -n velero --create-namespaceSCHEDULES
velero schedule create pgsched --schedule="0 4 * * *" --include-namespaces postgres --ttl 72h
velero schedule get
NAME STATUS CREATED SCHEDULE BACKUP TTL LAST BACKUP SELECTOR PAUSED
pgsched Enabled 2024-03-05 10:35:06 +0100 CET 0 4 * * * 72h0m0s n/a <none> falsevelero backup create --from-schedule pgschedvelero backup get
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
pgsched-20240305093755 Completed 0 0 2024-03-05 10:37:55 +0100 CET 2d default <none>From official documentation: https://velero.io/docs/v1.9/how-velero-works/
The effects of expiration are not applied immediately, they are applied when the gc-controller runs its reconciliation loop every hour.
BACKUP/RESTORE: POSTGRESDB
helm repo add bitnami https://charts.bitnami.com/bitnamihelm repo updatecat <<EOF > postgres-velero.yaml
POSTGRES_PASSWORD=<SECRET>
primary:
extraVolumes:
- name: backup
emptyDir: {}
extraVolumeMounts:
- name: backup
mountPath: /scratch
persistence:
storageClass: 56-nfs-sc
podAnnotations:
backup.velero.io/backup-volumes: backup
pre.hook.backup.velero.io/timeout: 5m
pre.hook.restore.velero.io/timeout: 5m
post.hook.restore.velero.io/command: '["/bin/bash", "-c", "sleep 1m && PGPASSWORD=${POSTGRES_PASSWORD} \
pg_restore -U postgres -d postgres --clean < /scratch/backup.psql"]'
pre.hook.backup.velero.io/command: '["/bin/bash", "-c", "export PGPASSWORD=${POSTGRES_PASSWORD} \
&& sleep 1m && pg_dump -U postgres -d postgres -F c -f /scratch/backup.psql"]'
EOFhelm upgrade --install postgresql bitnami/postgresql -n postgres --values postgres-velero.yaml --version 14.2.3export POSTGRES_PASSWORD=$(kubectl get secret --namespace postgres postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)kubectl run postgresql-client --rm --tty -i --restart='Never' \
--namespace postgres --image docker.io/bitnami/postgresql:16.2.0-debian-12-r5 \
--env="PGPASSWORD=$POSTGRES_PASSWORD" --command \
-- psql --host postgresql postgres -d postgres -p 5432# CREATE A TABLE
CREATE TABLE phonebook(phone VARCHAR(32), firstname VARCHAR(32), lastname VARCHAR(32), address VARCHAR(64));
# List the databases
\l, \l+
# List tables in the current database
\dt, \dt+
# INSERT TEST DATA
INSERT INTO phonebook(phone, firstname, lastname, address) VALUES('+1 123 456 7890', 'John', 'Doe', 'North America');
# TEST QUERY
SELECT * FROM phonebook ORDER BY lastname;velero backup create pgb18-restic --include-namespaces postgres --waitkubectl delete ns postgresvelero restore create pgb18 --from-backup pgb18-restic --namespace-mappings postgres:new5
export POSTGRES_PASSWORD=$(kubectl get secret --namespace new5 postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace new5 --image docker.io/bitnami/postgresql:16.2.0-debian-12-r5 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432
SELECT * FROM phonebook ORDER BY lastname;BACKUP/RESTORE: FILE ON PV
---
apiVersion: v1
kind: Namespace
metadata:
name: csi-app
---
kind: Pod
apiVersion: v1
metadata:
namespace: csi-app
name: csi-nginx
spec:
nodeSelector:
kubernetes.io/os: linux
containers:
- image: nginx
name: nginx
command: [ "sleep", "1000000" ]
volumeMounts:
- name: nfsdisk01
mountPath: "/mnt/nfsdisk"
volumes:
- name: nfsdisk01
persistentVolumeClaim:
claimName: pvc-nfsdisk
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: csi-app
name: pvc-nfsdisk
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi
storageClassName: 56-nfs-sckubectl -n csi-app exec -ti csi-nginx -- bash -c 'echo -n "Hello from Velero!" >> /mnt/nfsdisk/hello'velero backup create csi-backup --include-namespaces csi-app --waitkubectl delete ns csi-appvelero restore create csi-restore --from-backup csi-backup
kubectl -n csi-app exec -ti csi-nginx -- bash -c 'cat /mnt/nfsdisk/hello'