Velero is used to create and restore backups of secrets and configmaps in all k8s clusters.
We use the default ‘velero install’, but we store the key for the service account in k8s secrets just like all our other service accounts. The install-*.sh script will copy the secret back out skia-public secrets and pass it to the ‘velero install’ command line.
Install the velero command line application.
To check the status of a backup run:
velero schedule describe
Each cluster should be scheduled to be backed up once a day. See
create-schedule.sh for those schedules.
The velero resources are all under the ‘velero’ namespace, so to see them you need to speficy the namespace, or use --all-namespaces in kubectl commands. For example:
kubectl get pods --namespace=velero
Prometheus alerts exist for each cluster to catch backups that fail.
Running the install-* scripts should install the correct version, but run:
To make sure both the client and server agree. If not you might need to manually set the server version, for example:
kubectl -n velero set image deployment/velero velero=gcr.io/heptio-images/velero:v1.0.0-rc.1