When you want to back up the IBM® DevOps Test Hub (Test Hub) data, you must prepare your
Azure Kubernetes Service (AKS) cluster to store the backed-up data.
You must have completed the following tasks:
- Ensured that you have an Azure subscription along with an Owner or Contributor and User-Access Administrator role on the Azure subscription. You can create a subscription from Microsoft Azure if you do not have a valid subscription.
- Downloaded Velero 1.14.x from the Velero repository.
  CAUTION: The instructions provided in this procedure are an example of how an AKS cluster can be configured to use the Velero 1.14.x Microsoft Azure plugin for backing up and restoring the Test Hub data. The procedures to back up and restore the server data might not be valid in all scenarios.
- Copied the Velero executable file into one of the directories in the PATH environment variable.
- Installed the Azure Command-Line Interface (CLI). For more information, refer to the Azure CLI documentation.
Velero is one of the tools that is available to back up and restore the server data. You must prepare your AKS cluster where you installed Test Hub before you back up the data by using Velero.
- Run the following command to log in to AKS interactively:
  The command-line interface opens a browser and displays the Log-in page of AKS.
- Sign in with your AKS account credentials.
- Run the following command to set your active subscription:
az account set --subscription <subscription_name>
You must replace <subscription_name> with the name of your active Azure subscription.
- Run the following command to set the location of your AKS cluster:
az configure --defaults location=<location_name>
For example, az configure --defaults location=eastus2
Tip: You can run the following command to get the list of all the available locations:
az account list-locations --query "[].{DisplayName:displayName, Name:name}" -o table
- Run the following commands to deploy the Velero backup template for taking the backup of files:
RESOURCE_GROUP=devops
INSTANCE=devops0
IDENTITY_NAME=velero
BLOB_CONTAINER=velero
AZURE_BACKUP_RESOURCE_GROUP=Velero_Backups
AZURE_STORAGE_ACCOUNT_ID="velero$(date -u +%s)"
MANAGED_CLUSTER_RESOURCE_GROUP=$(az aks show -g $RESOURCE_GROUP -n $INSTANCE -o tsv --query nodeResourceGroup)
cd hcl-devops/azure/ #Navigate to the directory where you have the installation files
az group create -n $AZURE_BACKUP_RESOURCE_GROUP --location <location_name>
az deployment group create -g $MANAGED_CLUSTER_RESOURCE_GROUP --template-file azure/backup.bicep --parameters backupResourceGroupName=$AZURE_BACKUP_RESOURCE_GROUP identityName=$IDENTITY_NAME storageAccountId=$AZURE_STORAGE_ACCOUNT_ID blobContainerName=$BLOB_CONTAINER
Note: You must replace <location_name> with the name of the location of your AKS cluster.
- Run the following commands to create the service account and cluster role binding:
AZURE_SUBSCRIPTION_ID=$(az account list --query '[?isDefault].id' -o tsv)
AZURE_TENANT_ID=$(az account show -s $AZURE_SUBSCRIPTION_ID --query tenantId -o tsv)
IDENTITY_CLIENT_ID="$(az identity show -g $MANAGED_CLUSTER_RESOURCE_GROUP -n $IDENTITY_NAME --subscription $AZURE_SUBSCRIPTION_ID --query clientId -o tsv)"
kubectl create namespace velero
cat <<EOF | kubectl apply -n velero -f -
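# Service account that the Velero pods run as. The annotation links it to the
# managed identity's client ID for Azure workload identity.
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    azure.workload.identity/client-id: $IDENTITY_CLIENT_ID
  name: velero
---
# Binds the velero service account to the cluster-admin ClusterRole, which
# grants it full access to every namespace in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: velero-cluster-admin
subjects:
- kind: ServiceAccount
  name: velero
  namespace: velero
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io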
EOF
- Run the following commands to establish a federated identity credential between the identity and the service account issuer and subject:
SERVICE_ACCOUNT_ISSUER=$(az aks show --resource-group $RESOURCE_GROUP --name $INSTANCE --query oidcIssuerProfile.issuerUrl -o tsv)
az identity federated-credential create \
  --name kubernetes-federated-credential \
  --identity-name "$IDENTITY_NAME" \
  --resource-group "$MANAGED_CLUSTER_RESOURCE_GROUP" \
  --issuer "$SERVICE_ACCOUNT_ISSUER" \
  --subject system:serviceaccount:velero:velero
- Run the following command to create the Velero credentials file that contains all the relevant environment variables:
cat << EOF > ./credentials-velero
AZURE_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID
AZURE_RESOURCE_GROUP=$MANAGED_CLUSTER_RESOURCE_GROUP
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
- Run the following command to install Velero:
velero install \
  --provider azure \
  --plugins=velero/velero-plugin-for-microsoft-azure:v1.10.1 \
  --service-account-name velero \
  --pod-labels azure.workload.identity/use=true \
  --bucket $BLOB_CONTAINER \
  --secret-file ./credentials-velero \
  --backup-location-config useAAD="true",storageAccountURI="https://$AZURE_STORAGE_ACCOUNT_ID.blob.core.windows.net",resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_SUBSCRIPTION_ID \
  --snapshot-location-config apiTimeout=5m,resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_SUBSCRIPTION_ID \
  --wait
- To verify that the Velero installation is complete, run the following command and verify that the pods are running.
kubectl get pod -n velero
You have prepared your cluster to back up the server data.
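The service account, federated credential and managed identity created in the steps above only work together if their issuer, subject, audience and client ID agree exactly. The following consistency check is an added example, not part of the original procedure or of Velero or the Azure CLI. It assumes the default audience api://AzureADTokenExchange (the procedure passes no --audiences option); check_wi_binding and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example; check_wi_binding is a hypothetical helper, not a Velero or Azure CLI command.
# On a live cluster the inputs can be read with commands such as:
#   az aks show -g "$RESOURCE_GROUP" -n "$INSTANCE" --query oidcIssuerProfile.issuerUrl -o tsv
#   az identity federated-credential show --name kubernetes-federated-credential \
#     --identity-name "$IDENTITY_NAME" -g "$MANAGED_CLUSTER_RESOURCE_GROUP" --query subject -o tsv
#   kubectl get sa velero -n velero -o jsonpath='{.metadata.annotations.azure\.workload\.identity/client-id}'

# Usage: check_wi_binding NS SA CLUSTER_ISSUER FC_ISSUER FC_SUBJECT FC_AUDIENCE SA_CLIENT_ID IDENTITY_CLIENT_ID
# Prints one line per problem and returns the number of problems (0 = consistent).
check_wi_binding() {
    ns=$1; sa=$2; cluster_issuer=$3; fc_issuer=$4
    fc_subject=$5; fc_audience=$6; sa_client_id=$7; identity_client_id=$8
    problems=0

    # The subject must name exactly the namespace and service account Velero runs as.
    expected_subject="system:serviceaccount:${ns}:${sa}"
    if [ "$fc_subject" != "$expected_subject" ]; then
        echo "subject mismatch: got '$fc_subject', want '$expected_subject'"
        problems=$((problems + 1))
    fi
    # The issuer is compared as an exact string, so a trailing slash matters.
    if [ "$fc_issuer" != "$cluster_issuer" ]; then
        if [ "${fc_issuer%/}" = "${cluster_issuer%/}" ]; then
            echo "issuer differs only by a trailing slash; it must match exactly"
        else
            echo "issuer mismatch: got '$fc_issuer', want '$cluster_issuer'"
        fi
        problems=$((problems + 1))
    fi
    # Assumption: the credential uses the default audience.
    if [ "$fc_audience" != "api://AzureADTokenExchange" ]; then
        echo "unexpected audience: '$fc_audience'"
        problems=$((problems + 1))
    fi
    # The service account annotation must carry the managed identity's client ID.
    if [ -z "$sa_client_id" ] || [ "$sa_client_id" != "$identity_client_id" ]; then
        echo "service account client-id annotation does not match the identity"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample values: the credential was created for the wrong namespace
# and with the issuer's trailing slash dropped.
ISSUER="https://oidc.example.invalid/tenant-id/cluster-id/"
CLIENT_ID="00000000-0000-0000-0000-000000000000"
check_wi_binding velero velero "$ISSUER" "${ISSUER%/}" \
    "system:serviceaccount:default:velero" "api://AzureADTokenExchange" \
    "$CLIENT_ID" "$CLIENT_ID" || echo "problems found: $?"
```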