Velero can back up AKS workloads by capturing their Kubernetes API objects and persistent volume data, then storing them in object storage.
Let’s see Velero in action. Imagine you have a simple Nginx deployment and a persistent volume claim (PVC) for it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
  # Label the Deployment itself so a label selector such as app=nginx matches it
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-data
          mountPath: /usr/share/nginx/html
      # Bind the nginx-data mount to the PVC defined below
      volumes:
      - name: nginx-data
        persistentVolumeClaim:
          claimName: nginx-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx-pvc
  namespace: default
  labels:
    app: nginx
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
First, you need to install Velero. You can do this with the Velero CLI.
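# resourceGroup and storageAccount identify the storage account that holds the --bucket container
velero install \
  --provider azure \
  --plugins velero/velero-plugin-for-microsoft-azure:v1.1.0 \
  --bucket <your-bucket-name> \
  --secret-file ./azure-credentials.json \
  --backup-location-config resourceGroup=<your-resource-group>,storageAccount=<your-storage-account> \
  --use-node-agent \
  --wait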
This command sets up Velero to use Azure Blob Storage. The --bucket flag specifies where your backups will be stored, and --secret-file points to a JSON file containing your Azure credentials. velero/velero-plugin-for-microsoft-azure:v1.1.0 is the specific plugin for Azure.
Now, let’s create a backup of our Nginx deployment and its PVC.
velero backup create nginx-backup \
  --include-namespaces default \
  --selector app=nginx \
  --wait
This command initiates a backup named nginx-backup. It targets the default namespace and specifically selects resources with the label app=nginx. The --wait flag makes the CLI block until the backup is complete.
You can check the status of the backup:
velero backup get nginx-backup
And view the details, including which objects were backed up:
velero backup describe nginx-backup
The output will show that your Deployment, PersistentVolumeClaim, and potentially the underlying PersistentVolume (depending on your storage class and configuration) have been backed up. If your PVC is backed by a dynamic provisioner, Velero will snapshot the underlying storage. For example, if you’re using Azure Disk, Velero will trigger a snapshot of that disk.
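The status check above can be automated before a backup is relied on for restore. The following is an added example, not code from Velero or from this article: it inspects the Backup custom resource as JSON (for instance from `kubectl -n velero get backup nginx-backup -o json`). The sample object is constructed, and `backup_problems` and `expect_volume_snapshots` are hypothetical names; the snapshot check assumes the provider-snapshot path described here rather than file system backup.

```python
import json

# Constructed sample: a trimmed Backup object (values are illustrative).
SAMPLE_BACKUP = json.loads("""
{
  "metadata": {"name": "nginx-backup", "namespace": "velero"},
  "spec": {
    "includedNamespaces": ["default"],
    "labelSelector": {"matchLabels": {"app": "nginx"}}
  },
  "status": {
    "phase": "PartiallyFailed",
    "errors": 1,
    "warnings": 0,
    "volumeSnapshotsAttempted": 1,
    "volumeSnapshotsCompleted": 0,
    "progress": {"itemsBackedUp": 4, "totalItems": 5}
  }
}
""")


def backup_problems(backup, expect_volume_snapshots=True):
    """Return the reasons this backup should not be trusted for a restore."""
    status = backup.get("status", {})
    problems = []

    # Anything other than Completed (PartiallyFailed, Failed, ...) is suspect.
    phase = status.get("phase", "Unknown")
    if phase != "Completed":
        problems.append(f"phase is {phase}, not Completed")
    if status.get("errors", 0):
        problems.append(f"{status['errors']} error(s) recorded")

    # Every snapshot Velero attempted must have completed.
    attempted = status.get("volumeSnapshotsAttempted", 0)
    completed = status.get("volumeSnapshotsCompleted", 0)
    if completed < attempted:
        problems.append(f"only {completed}/{attempted} volume snapshots completed")
    if expect_volume_snapshots and attempted == 0:
        problems.append("no volume snapshot was attempted")

    progress = status.get("progress", {})
    if progress.get("itemsBackedUp", 0) < progress.get("totalItems", 0):
        problems.append("not every discovered item was backed up")
    return problems


if __name__ == "__main__":
    for problem in backup_problems(SAMPLE_BACKUP):
        print("FAIL:", problem)
```

An empty list means the object metadata and the disk snapshot were both captured; it does not prove the backup restores cleanly, which only a test restore shows.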
To restore, you can use:
velero restore create --from-backup nginx-backup
This will recreate the Nginx deployment and its PVC from the backup. The crucial part here is how Velero handles persistent volumes. For Azure Disk, Velero interacts with the Azure API to create a snapshot of the disk associated with the PVC. During restore, it creates a new Azure Disk from that snapshot and then provisions a new PVC that points to this restored disk. This ensures your application data is preserved.
The most surprising thing about Velero’s persistent volume backup is that it doesn’t copy the raw data itself. Instead, it relies on the underlying cloud provider’s snapshotting capabilities. This is incredibly efficient because it leverages the infrastructure’s built-in features for data protection, meaning Velero itself doesn’t need to stream gigabytes or terabytes of data during a backup. It orchestrates the snapshot creation and restoration process.
The next step is to explore how to schedule these backups automatically.