Disaster Recovery Module

Disaster Recovery Module implements backups and disaster recovery for the SIGHUP Distribution (SD) using Velero.

If you are new to SD please refer to the official documentation on how to get started with SD.

Overview

Disaster Recovery Module module is based on Velero, Velero Node Agent and etcd backup (S3/PVC).

Velero allows you to:

• backup your cluster
• restore your cluster in case of problems
• migrate cluster resources to other clusters
• replicate your production environment to development and testing environment.

ETCD backup allows you to:

• snapshot your ETCD cluster on an S3 bucket
• snapshot your ETCD cluster on an already provisioned PVC

Together with Velero, Velero Node Agent allows you to:

• backup Kubernetes volumes
• restore Kubernetes volumes

And by using the snapshot-controller, the support for CSI Snapshot Data Movement can be enabled, which allows you to:

• backup the volume data to a pre-defined backup storage
• have consistent backups of your data

The module contains also velero plugins to natively integrate with Velero with different cloud providers and use cloud provider's volumes as the storage backend.

Packages

Disaster Recovery Module provides the following packages:

Package	Version	Description
velero	v1.15.2	Backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.
etcd-backup-s3	homegrown	Backup ETCD on a remote S3 bucket.
etcd-backup-pvc	homegrown	Backup ETCD on a PersistentVolumeClaim.

The velero package contains the following additional components:

Component	Description
velero-node-agent	Incremental backup and restore of Kubernetes volumes.
velero-schedules	Common schedules for backup

Integration with cloud providers

Use the following Velero Plugins to integrate Velero with cloud providers:

Plugin	Description
velero-aws	Plugins to support running Velero on AWS
velero-gcp	Plugins to support running Velero on GCP
velero-azure	Plugins to support running Velero on Azure

Deploy the necessary infrastructure to persist the backups natively in cloud providers volumes, using the following terraform modules:

Terraform Module	Description
aws-velero	Creates AWS resources and Kubernetes CRDs to persist backups.
azure-velero	Creates Azure resources and Kubernetes CRDs to persist backups.
gcp-velero	Creates GCP resources and Kubernetes CRDs to persist backups.

Compatibility

Kubernetes Version	Compatibility	Notes
1.29.x	✅	No known issues
1.30.x	✅	No known issues
1.31.x	✅	No known issues
1.32.x	✅	No known issues

Check the compatibility matrix for additional information about previous releases of the modules.

Usage

Disaster Recovery Module's Velero deployment depends on the environment.

Environment	Storage Backend	Velero Plugin	Terraform Module
Velero on AWS	S3 Bucket	velero-aws	aws-velero
Velero on GCP	GCS	velero-gcp	gcp-velero
Velero on Azure	AZ Storage Container	velero-azure	azure-velero
Velero on-premises	MinIo	velero-on-prem	/

Disaster Recovery Module's etcd-backup deployment depends on the final location of the backups.

Package	Storage Location
etcd-backup-s3	S3 Bucket
etcd-backup-pvc	PersistentVolumeClaim

Prerequisites

Tool	Version	Description
furyctl	>=0.25.0	The recommended tool to download and manage SD modules and their packages. To learn more about furyctl read the official documentation.
kustomize	>=3.5.3	Packages are customized using kustomize. To learn how to create your customization layer with kustomize, please refer to the repository.
terraform	>=1.3	Additional infrastructure is deployed using terraform.

Velero on AWS

Velero on AWS is based on the AWS Velero Plugin.

It requires the secret cloud-credentials in the kube-system namespace containing a service account with appropriate credentials. As an alternative, the module supports authentication via IAM Roles.

To deploy Velero on AWS:

1. List the packages you want to deploy and their version in a Furyfile.yml

bases:
  - name: dr/velero/velero-base
    version: "v3.1.0"
  - name: dr/velero/velero-aws
    version: "v3.1.0"
  - name: dr/velero/velero-node-agent
    version: "v3.1.0"
  - name: dr/velero/velero-schedules
    version: "v3.1.0"

modules:
  - name: dr/aws-velero
    version: "v3.1.0"

See furyctl documentation for additional details about Furyfile.yml format.

2. Execute furyctl legacy vendor -H to download the packages

3. Inspect the downloaded packages under ./vendor/katalog/velero.

4. Deploy the necessary infrastructure via terraform using the aws-velero terraform module:

module "velero" {
  source             = "path/to/vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-velero"
  project            = "sighup-staging"
}

More information on modules inputs can be found in the aws-velero module documentation

Here you can find an example designed to create all necessary cloud resources for Velero on AWS.

5. Define a kustomization.yaml that includes the downloaded resources.

resources:
  - ./vendor/katalog/dr/velero/velero-aws
  - ./vendor/katalog/dr/velero/velero-node-agent
  - ./vendor/katalog/dr/velero/velero-schedules

6. To deploy the packages to your cluster, execute:

kustomize build . | kubectl apply -f -

Velero on GCP

Velero on GCP is based on the Velero GCP Plugin.

It requires the secret cloud-credentials in the kube-system namespace containing a service account with appropriate credentials. As an alternative, the module supports workload identity.

Check the required Velero GCP plugin permissions here

To deploy Velero on GCP:

1. List the packages you want to deploy and their version in a Furyfile.yml

bases:
  - name: dr/velero/velero-base
    version: "v3.1.0"
  - name: dr/velero/velero-gcp
    version: "v3.1.0"
  - name: dr/velero/velero-node-agent
    version: "v3.1.0"
  - name: dr/velero/velero-schedules
    version: "v3.1.0"

modules:
  - name: dr/gcp-velero
    version: "v3.1.0"

See furyctl documentation for additional details about Furyfile.yml format.

2. Execute furyctl legacy vendor -H to download the packages

3. Inspect the downloaded packages under ./vendor/katalog/velero.

4. Deploy the necessary infrastructure via terraform using the gcp-velero terraform module:

module "velero" {
  source             = "path/to/vendor/modules/gcp-velero"
  backup_bucket_name = "my-cluster-velero"
  project            = "sighup-staging"
}

More information on modules inputs can be found in the gcp-velero module documentation

Here you can find an example designed to create all necessary cloud resources for Velero on GCP.

5. Define a kustomization.yaml that includes the downloaded resources.

resources:
  - ./vendor/katalog/dr/velero/velero-gcp
  - ./vendor/katalog/dr/velero/velero-node-agent
  - ./vendor/katalog/dr/velero/velero-schedules

6. To deploy the packages to your cluster, execute:

kustomize build . | kubectl apply -f -

Velero on Azure

Velero on Azure is based on the Azure Velero Plugin.

Requires the cloud-credentials secret config in the kube-system namespace.

To deploy Velero on Azure:

1. List the packages you want to deploy and their version in a Furyfile.yml

bases:
  - name: dr/velero/velero-base
    version: "v3.1.0"
  - name: dr/velero/velero-azure
    version: "v3.1.0"
  - name: dr/velero/velero-node-agent
    version: "v3.1.0"
  - name: dr/velero/velero-schedules
    version: "v3.1.0"

modules:
  - name: dr/azure-velero
    version: "v3.1.0"

See furyctl documentation for additional details about Furyfile.yml format.

2. Execute furyctl legacy vendor -H to download the packages

3. Inspect the downloaded packages under ./vendor/katalog/velero.

4. Deploy the necessary infrastructure via terraform using the azure-velero terraform module:

module "velero" {
  source             = "path/to/vendor/modules/azure-velero"
  backup_bucket_name = "my-cluster-velero"
  project            = "sighup-staging"
}

More information on modules inputs can be found in the azure-velero module documentation

Here you can find an example designed to create all necessary cloud resources for Velero on Azure.

5. Define a kustomization.yaml that includes the downloaded resources.

resources:
  - ./vendor/katalog/dr/velero/velero-azure
  - ./vendor/katalog/dr/velero/velero-node-agent
  - ./vendor/katalog/dr/velero/velero-schedules

6. To deploy the packages to your cluster, execute:

kustomize build . | kubectl apply -f -

Velero on-premises

velero-on-prem deploys a MinIO in-cluster instance as an object storage backend for Velero.

Please note that the MinIO server is running in the same cluster that is being backed up.

To deploy velero on-prem:

1. List the packages you want to deploy and their version in a Furyfile.yml

bases:
  - name: dr/velero/velero-base
    version: "v3.1.0"
  - name: dr/velero/velero-on-prem
    version: "v3.1.0"
  - name: dr/velero/velero-node-agent
    version: "v3.1.0"
  - name: dr/velero/velero-schedules
    version: "v3.1.0"

See furyctl documentation for additional details about Furyfile.yml format.

2. Execute furyctl legacy vendor -H to download the packages

3. Inspect the downloaded packages under ./vendor/katalog/velero.

4. Define a kustomization.yaml that includes the downloaded resources.

resources:
  - ./vendor/katalog/dr/velero/velero-on-prem
  - ./vendor/katalog/dr/velero/velero-node-agent
  - ./vendor/katalog/dr/velero/velero-schedules

5. To deploy the packages to your cluster, execute:

kustomize build . | kubectl apply -f -

ETCD Backup S3

etcd-backup-s3 deploys a CronJob that continuously backups the etcd cluster and saves the snapshots in a S3 bucket. In order to deploy etcd-backup-s3, please refer to the package's README.md.

ETCD Backup PVC

etcd-backup-pvc deploys a CronJob that continuously backups the etcd cluster and saves the snapshots in a PersistentVolumeClaim. In order to deploy etcd-backup-pvc, please refer to the package's README.md.

Contributing

Before contributing, please read first the Contributing Guidelines.

Reporting Issues

In case you experience any problem with the module, please open a new issue.

License

This module is open-source and it's released under the following LICENSE