You can use the Velero Plugin for vSphere to backup and restore workloads running on a Tanzu Kubernetes cluster by installing the Velero Plugin for vSphere on that cluster.

Overview

The Velero Plugin for vSphere provides a solution for backing up and restoring Tanzu Kubernetes cluster workloads for clusters provisioned by the Tanzu Kubernetes Grid Service. For persistent workloads, the Velero Plugin for vSphere lets you take snapshots of the persistent volumes.
Note: If you require portability for the Tanzu Kubernetes cluster workloads you want to backup and restore, do not use the Velero Plugin for vSphere. For portability across Kubernetes clusters, use standalone Velero with Restic. See Install and Configure Standalone Velero and Restic on a Tanzu Kubernetes Cluster.

Prerequisite: Install the Velero Plugin for vSphere on the Supervisor Cluster

Installing the Velero Plugin for vSphere on a Tanzu Kubernetes cluster requires the Supervisor Cluster to have the Velero Plugin for vSphere installed. In addition, the Supervisor Cluster must be configured with NSX-T networking.

Prior to the installation of the Velero Plugin for vSphere on a Tanzu Kubernetes cluster, you must first install the Velero Plugin for vSphere on the Supervisor Cluster. SeeInstall and Configure the Velero Plugin for vSphere on the Supervisor Cluster.

Install the Velero CLI on a Linux Workstation

The Velero CLI is the standard tool for interfacing with Velero. The Velero CLI provides more functionality than the Velero Plugin for vSphere CLI (velero-vsphere) and is required for backing up and restoring Tanzu Kubernetes cluster workloads.

Install the Velero CLI on a Linux workstation. Ideally this is the same jump host where you run associated CLIs for your vSphere with Tanzu environment, including kubectl, kubectl-vsphere, and velero-vsphere.

Complete the following steps to install the Velero CLI.
  1. Download the supported version of the Velero CLI from the VMware product downloads page. For more information about the supported Velero version, see the Release Notes.
  2. Open a command line and change directory to the Velero CLI download.
    gunzip velero-linux-v1.x.x_vmware.1.gz
  3. Check for the Velero binary.
    ls -l
    
    -rw-r--r-- 1 root root 7142128 Aug 14 14:14 velero-linux-v1.x.x_vmware.1
    
  4. Grant execute permissions to the Velero CLI.
    chmod +x velero-linux-v1.x.x_vmware.1
  5. Make the Velero CLI globally available by moving it to the system path.
    cp velero-linux-v1.x.x_vmware.1 /usr/local/bin/velero
  6. Verify the installation of the Velero CLI.
    velero version
    
    Client:
        Version: v1.x.x

Get the S3-Compatible Bucket Details

For convenience, the steps assume that you are using the same S3-compatible object store that you configured when you installed the Velero Plugin for vSphere on the Supervisor Cluster. In production you may want to create a separate object store.

To install the Velero Plugin for vSphere, you will need to provide the following information about your S3-compatible object store.
Data Item Example Value
s3Url http://my-s3-store.example.com
aws_access_key_id ACCESS-KEY-ID-STRING
aws_secret_access_key SECRET-ACCESS-KEY-STRING
Create a secrets file name s3-credentials with the following information. You will reference this file when you install the Velero Plugin for vSphere.
aws_access_key_id = ACCESS-KEY-ID-STRING
aws_secret_access_key = SECRET-ACCESS-KEY-STRING

Install the Velero Plugin for vSphere on the Tanzu Kubernetes Cluster

You are going to use the Velero CLI to install the Velero Plugin for vSphere on the target Tanzu Kubernetes cluster that you want to backup and restore.

The Velero CLI context will automatically follow the kubectl context. Before running Velero CLI commands to install Velero and the Velero Plugin for vSphere on the target cluster, be sure to set the kubectl context to the target cluster.
  1. Using the vSphere Plugin for kubectl, authenticate with the Supervisor Cluster. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.
  2. Set the kubectl context to the target Tanzu Kubernetes cluster.
    kubectl config use-context TARGET-TANZU-KUBERNETES-CLUSTER
  3. Run the following Velero CLI command to install Velero on the target cluster.

    Replace the placeholder values for the BUCKET-NAME, REGION (two instances), and s3Url fields with the appropriate values. If you deviated from any of the preceding instructions, adjust those values as well, such as the name or location of the secrets file, the name of the manually created velero namespace, etc.

    ./velero install --provider aws \
    --bucket BUCKET-NAME \
    --secret-file ./s3-credentials \
    --features=EnableVSphereItemActionPlugin \
    --plugins velero/velero-plugin-for-aws:v1.1.0 \
    --snapshot-location-config region=REGION \
    --backup-location-config region=REGION,s3ForcePathStyle="true",s3Url=http://my-s3-store.example.com
  4. Install the Velero Plugin for vSphere on the target cluster. The installed Velero will communicate with Kubernetes API server to install the plugin.
    velero plugin add vsphereveleroplugin/velero-plugin-for-vsphere:1.1.0

Uninstall the Velero Plugin for vSphere from the Cluster

Complete these steps to uninstall the Velero Plugin for vSphere.
  1. Set the kubectl context to the target Tanzu Kubernetes cluster.
    kubectl config use-context TARGET-TANZU-KUBERNETES-CLUSTER
  2. To uninstall the plugin, run the following command to remove the InitContainer of velero-plugin-for-vsphere from the Velero deployment.
    velero plugin remove vsphereveleroplugin/velero-plugin-for-vsphere:1.1.0
  3. To complete the un-installation, delete the Backup Driver deployment and related CRDs.
    kubectl -n velero delete deployment.apps/backup-driver
    kubectl delete crds \
    backuprepositories.backupdriver.cnsdp.vmware.com \
    backuprepositoryclaims.backupdriver.cnsdp.vmware.com \
    clonefromsnapshots.backupdriver.cnsdp.vmware.com \
    deletesnapshots.backupdriver.cnsdp.vmware.com \
    snapshots.backupdriver.cnsdp.vmware.com
    kubectl delete crds uploads.datamover.cnsdp.vmware.com downloads.datamover.cnsdp.vmware.com