You can use Velero to back up the kubernetes resources including persistent volumes data under specific namespaces.

Prerequisites

Install and Configure Velero Add-On for the Workload Clusters.

Procedure

  1. Log in to the VMware Telco Cloud Automation web interface.
  2. Navigate to Infrastructure > Virtual Infrastructure.
  3. Open the web terminal by clicking the Options (three dots) corresponding to the workload cluster you want to backup and then selecting Open Terminal.
  4. On the Web terminal, check the service health of Velero by running the following command: 
    # kubectl get pod -n velero
# kubectl get bsl -n velero
  5. Set an environmental variable to exclude the cluster resources from backing up. 
    # export TCA_VELERO_EXCLUDE_RESOURCES="issuers.cert-manager.io,certificates.cert-manager.io,certificaterequests.cert-manager.io,gateways.networking.x-k8s.io,gatewayclasses.networking.x-k8s.io"
  6. Back up specific namespaces. 
    # velero backup create <example-backup> --exclude-resources $TCA_VELERO_EXCLUDE_RESOURCES --include-namespaces <example-namespaces-by-comma> 

    The above backup command uses velero-plugin-for-vsphere as default to backup the Persistent Volumes created with vSphere CSI plugin. If the cluster exists in Persistent Volumes, created with nfs-client plugin to backup, you have two options:

    Option 1: Annotate the pod which mounts volumes to Persistent Volumes created with nfs-client storage class to back up using Restic.

    # kubectl -n <pod_namespace> annotate pod/<pod-name> backup.velero.io/backup-volumes=<volume-name1>,<volume-name2>,…
# velero backup create <example-backup> --exclude-resources=$TCA_VELERO_EXCLUDE_RESOURCES --include-namespaces <example-namespaces-by-comma>

    This annotation can also be provided in a pod template spec if you use a controller to manage your pods. To quickly set the annotation on a pod template (.spec.template.metadata.annotations) without modifying the full manifest, use 'kubectl patch' command. For example:

    # kubectl -n <pod_namespace> patch deployment <pod_controller_name> -p '{"spec": {"template":{"metadata":{"annotations":{"backup.velero.io/backup-volumes":"<volume-name>","<volume2-name>"}}}} }'

    Option 2: Change default PV backup plugin to Restic. This will allow Restic to back up all the types of Persistent Volumes, including the ones created with vSphere CSI plugin.

    # velero backup create <example-backup> --default-volumes-to-fs-backup --exclude-resources=$TCA_VELERO_EXCLUDE_RESOURCES --include-namespaces <example-namespaces-by-comma>
  7. Check the backup status and related CRs and wait until the processes are "Completed". 
    # velero backup get // check the backup status

    Check the status of uploads CR if using velero-plugin-for-vsphere to back up PV data.

    # kubectl get uploads -n velero // get the upload-name 
# kubectl get uploads <upload-name> -o yaml // check the uploads status in yaml output

    If you annotate pods and use Restic to back up PV data, check the status of podvolumebackups.

    # kubectl get podvolumebackups -n velero // get the podvolumebackup-name 
# kubectl get podvolumebackups <podvolumebackup-name> -o yaml // check the podvolumebackups status in yaml output

What to do next

Restore Specific Namespaces