Velero Plugin For Aws
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Caprover | 10,166 | 14 days ago | 100 | other | TypeScript | |||||
| Scalable PaaS (automated Docker+nginx) - aka Heroku on Steroids | ||||||||||
| Up | 8,687 |  | 68 | 13 | 25 days ago | 11 | March 02, 2018 | 291 | mit | Go |
| Deploy infinitely scalable serverless apps, apis, and sites in seconds to AWS. | ||||||||||
| Webiny Js | 6,473 |  | 113 | a day ago | 251 | September 07, 2022 | 221 | other | TypeScript | |
| Open-source serverless enterprise CMS. Includes a headless CMS, page builder, form builder, and file manager. Easy to customize and expand. Deploys to AWS. | ||||||||||
| Aws Sam Cli | 6,246 |  | 31 | 12 | 21 hours ago | 129 | June 29, 2022 | 366 | apache-2.0 | Python |
| CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM | ||||||||||
| Claudia | 3,709 |  | 193 | 29 | a year ago | 122 | March 17, 2022 | 14 | mit | JavaScript |
| Deploy Node.js projects to AWS Lambda and API Gateway easily | ||||||||||
| Awesome Ecs | 2,784 | 21 days ago | 3 | |||||||
| A curated list of awesome ECS guides, development tools, and resources | ||||||||||
| Architect | 2,331 |  | 38 | 12 | 21 days ago | 376 | September 08, 2022 | 76 | apache-2.0 | JavaScript |
| The simplest, most powerful way to build a functional web app (fwa) | ||||||||||
| Components | 2,305 |  | 13 | 31 | 4 months ago | 509 | January 19, 2022 | 151 | apache-2.0 | JavaScript |
| The Serverless Framework's new infrastructure provisioning technology — Build, compose, & deploy serverless apps in seconds... | ||||||||||
| Aws Lambda Developer Guide | 2,120 | 10 days ago | 91 | other | Java | |||||
| The AWS Lambda Developer Guide | ||||||||||
| Serverless | 1,988 | a month ago | 120 | mit | TypeScript | |||||
| This is intended to be a repo containing all of the official AWS Serverless architecture patterns built with CDK for developers to use. All patterns come in Typescript and Python with the exported CloudFormation also included. | ||||||||||
Velero plugins for AWS
Overview
This repository contains these plugins to support running Velero on AWS:
-
An object store plugin for persisting and retrieving backups on AWS S3. Content of backup is log files, warning/error files, restore logs.
-
A volume snapshotter plugin for creating snapshots from volumes (during a backup) and volumes from snapshots (during a restore) on AWS EBS.
Compatibility
Below is a listing of plugin versions and respective Velero versions that are compatible.
| Plugin Version | Velero Version |
|---|---|
| v1.1.x | v1.4.x |
| v1.0.x | v1.3.x |
| v1.0.x | v1.2.0 |
Setup
To set up Velero on AWS, you:
- Create an S3 bucket
- Set permissions for Velero
- Install and start Velero
- Migrating PVs across clusters
If you do not have the aws CLI locally installed, follow the user guide to set it up.
Create S3 bucket
Velero requires an object storage bucket to store backups in, preferably unique to a single Kubernetes cluster (see the FAQ for more details). Create an S3 bucket, replacing placeholders appropriately:
BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>
aws s3api create-bucket \
--bucket $BUCKET \
--region $REGION \
--create-bucket-configuration LocationConstraint=$REGION
NOTE: us-east-1 does not support a LocationConstraint. If your region is us-east-1, omit the bucket configuration:
aws s3api create-bucket \
--bucket $BUCKET \
--region us-east-1
Set permissions for Velero
Option 1: Set permissions with an IAM user
For more information, see the AWS documentation on IAM users.
-
Create the IAM user:
aws iam create-user --user-name veleroIf you'll be using Velero to backup multiple clusters with multiple S3 buckets, it may be desirable to create a unique username per cluster rather than the default
velero. -
Attach policies to give
velerothe necessary permissions:cat > velero-policy.json <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVolumes", "ec2:DescribeSnapshots", "ec2:CreateTags", "ec2:CreateVolume", "ec2:CreateSnapshot", "ec2:DeleteSnapshot" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::${BUCKET}/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::${BUCKET}" ] } ] } EOFaws iam put-user-policy \ --user-name velero \ --policy-name velero \ --policy-document file://velero-policy.json -
Create an access key for the user:
aws iam create-access-key --user-name veleroThe result should look like:
{ "AccessKey": { "UserName": "velero", "Status": "Active", "CreateDate": "2017-07-31T22:24:41.576Z", "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>, "AccessKeyId": <AWS_ACCESS_KEY_ID> } } -
Create a Velero-specific credentials file (
credentials-velero) in your local directory:[default] aws_access_key_id=<AWS_ACCESS_KEY_ID> aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>where the access key id and secret are the values returned from the
create-access-keyrequest.
Option 2: Set permissions using kube2iam
Kube2iam is a Kubernetes application that allows managing AWS IAM permissions for pod via annotations rather than operating on API keys.
This path assumes you have
kube2iamalready running in your Kubernetes cluster. If that is not the case, please install it first, following the docs here: jtblin/kube2iam
It can be set up for Velero by creating a role that will have required permissions, and later by adding the permissions annotation on the velero deployment to define which role it should use internally.
-
Create a Trust Policy document to allow the role being used for EC2 management & assume kube2iam role:
cat > velero-trust-policy.json <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }, { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<ROLE_CREATED_WHEN_INITIALIZING_KUBE2IAM>" }, "Action": "sts:AssumeRole" } ] } EOF -
Create the IAM role:
aws iam create-role --role-name velero --assume-role-policy-document file://./velero-trust-policy.json -
Attach policies to give
velerothe necessary permissions:BUCKET=<YOUR_BUCKET> cat > velero-policy.json <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVolumes", "ec2:DescribeSnapshots", "ec2:CreateTags", "ec2:CreateVolume", "ec2:CreateSnapshot", "ec2:DeleteSnapshot" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::${BUCKET}/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::${BUCKET}" ] } ] } EOFaws iam put-role-policy \ --role-name velero \ --policy-name velero-policy \ --policy-document file://./velero-policy.json
Install and start Velero
Download Velero
Install Velero, including all prerequisites, into the cluster and start the deployment. This will create a namespace called velero, and place a deployment named velero in it.
If using IAM user and access key:
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.1.0 \
--bucket $BUCKET \
--backup-location-config region=$REGION \
--snapshot-location-config region=$REGION \
--secret-file ./credentials-velero
If using kube2iam:
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.1.0 \
--bucket $BUCKET \
--backup-location-config region=$REGION \
--snapshot-location-config region=$REGION \
--pod-annotations iam.amazonaws.com/role=arn:aws:iam::<AWS_ACCOUNT_ID>:role/<VELERO_ROLE_NAME> \
--no-secret
Additionally, you can specify --use-restic to enable restic support, and --wait to wait for the deployment to be ready.
(Optional) Specify additional configurable parameters for the --backup-location-config flag.
(Optional) Specify additional configurable parameters for the --snapshot-location-config flag.
(Optional) Customize the Velero installation further to meet your needs.
For more complex installation needs, use either the Helm chart, or add --dry-run -o yaml options for generating the YAML representation for the installation.
Migrating PVs across clusters
Setting AWS_CLUSTER_NAME (Optional)
If you have multiple clusters and you want to support migration of resources between them, you can use kubectl edit deploy/velero -n velero to edit your deployment:
Add the environment variable AWS_CLUSTER_NAME under spec.template.spec.env, with the current cluster's name. When restoring backup, it will make Velero (and cluster it's running on) claim ownership of AWS volumes created from snapshots taken on different cluster.
The best way to get the current cluster's name is to either check it with used deployment tool or to read it directly from the EC2 instances tags.
The following listing shows how to get the cluster's nodes EC2 Tags. First, get the nodes external IDs (EC2 IDs):
kubectl get nodes -o jsonpath='{.items[*].spec.externalID}'
Copy one of the returned IDs <ID> and use it with the aws CLI tool to search for one of the following:
-
The
kubernetes.io/cluster/<AWS_CLUSTER_NAME>tag of the valueowned. The<AWS_CLUSTER_NAME>is then your cluster's name:aws ec2 describe-tags --filters "Name=resource-id,Values=<ID>" "Name=value,Values=owned" -
If the first output returns nothing, then check for the legacy Tag
KubernetesClusterof the value<AWS_CLUSTER_NAME>:aws ec2 describe-tags --filters "Name=resource-id,Values=<ID>" "Name=key,Values=KubernetesCluster"
