Backup and Restore using Velero with MinIO
This guide explains how to configure Velero with MinIO as the backend storage for performing backup and restore operations in an air-gapped controller environment.
Unlike public S3 services, this setup assumes MinIO is hosted on a separate Linux server within the same private network, ensuring data locality and offline functionality.
Prerequisites
Ensure the following are available before proceeding:
- A MinIO server accessible over the private network
- A dedicated bucket in the MinIO server for Velero backups
- MinIO access credentials (Access Key and Secret Key)
- MinIO API endpoint: http://<MINIO_SERVER_IP>:9000
- MinIO Console UI: http://<MINIO_SERVER_IP>:9001
- Network connectivity between the Kubernetes cluster and the MinIO server
Backup Implementation Procedure
Follow the steps below to enable and schedule backup jobs using Velero with MinIO.
Note: If backups are already enabled and scheduled, this section can be skipped.
Step 1: Create a MinIO Bucket
Skip this step if a backup bucket already exists.
Use the MinIO Client (mc) or the console UI to create the bucket:
# Using MinIO Client
# (omit the two keys to be prompted for them, which keeps them out of shell history)
mc alias set myminio http://<MINIO_SERVER_IP>:9000 <ACCESS_KEY> <SECRET_KEY>
mc mb myminio/<YOUR_BUCKET_NAME>
# Or access the Console UI at: http://<MINIO_SERVER_IP>:9001
Step 2: Verify MinIO Connectivity
# List buckets to verify access
mc ls myminio/
Step 3: Update the backup_restore Section in config.yaml
Update the config.yaml file as shown below:
backup_restore:
  enabled: true
  restore: false
  schedule: "0 0 * * *" # Use cron syntax for scheduling (e.g., every day at midnight)
  bucketName: "rafay-core-backup"
  retentionPeriod: "168h0m0s" # Retain backups for 7 days
  resticEnable: true # Enable pod volume backups
  snapshotsEnabled: true # Enable volume snapshots
  # External Blob Storage (MinIO) credentials (base64 encoded)
  externalBlobStorage:
    username: "" # Base64-encoded Access Key
    password: "" # Base64-encoded Secret Key
    endpoint: "" # e.g., http://<MINIO_SERVER_IP>:9000
Step 4: Enable Backup Support with Velero
Run the following command to install controller dependencies with Velero enabled:
sudo radm dependency --config config.yaml
Step 5: Verify Backup Job Execution
Use the command below to confirm scheduled backups are being created:
kubectl get backups -n velero
NAMESPACE NAME AGE
velero velero-rafay-core-backup-20240403100012 22h
velero velero-rafay-core-backup-20240403110012 21h
velero velero-rafay-core-backup-20240403120013 20h
velero velero-rafay-core-backup-20240403130013 19h
Step 6: Check Backup Status
Verify backup status and progress:
kubectl describe backup -n velero velero-rafay-core-backup-20240403130013
Sample output (excerpt)
Status:
  Completion Timestamp: 2024-04-04T05:34:10Z
  Expiration: 2024-04-11T05:33:37Z
  Phase: Completed
  Progress:
    Items Backed Up: 9037
    Total Items: 9037
  Volume Snapshots Attempted: 13
  Volume Snapshots Completed: 13
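Steps 5 and 6 can be combined into a single check that picks the newest backup that fully completed, which is also the name a later restore would use as restoreFolderName. This is an added example, not part of the original guide: the function names and column layout are assumptions, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are assumptions.

# Print one row per Velero backup: NAME PHASE COMPLETION ITEMS TOTAL.
# kubectl prints <none> for fields a backup does not have yet.
list_backups() {
  cols='NAME:.metadata.name,PHASE:.status.phase'
  cols="$cols,DONE:.status.completionTimestamp"
  cols="$cols,ITEMS:.status.progress.itemsBackedUp,TOTAL:.status.progress.totalItems"
  kubectl get backups -n velero --no-headers -o custom-columns="$cols"
}

# Read rows in the format above on stdin and print the name of the newest
# backup that is safe to restore from: phase Completed and every item backed
# up. Exits non-zero when no backup qualifies, so callers can alert on it.
latest_completed_backup() {
  awk '
    $2 == "Completed" && $4 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ && $4 == $5 {
      # RFC 3339 UTC timestamps sort correctly as plain strings.
      if (($3 "") > (best_ts "")) { best_ts = $3; best = $1 }
    }
    END { if (best == "") exit 1; print best }
  '
}

# Constructed sample rows (not real cluster output), deliberately unsorted.
# The newest row is PartiallyFailed and one backup is still running.
sample_rows() {
  cat <<'EOF'
velero-rafay-core-backup-20240403140013 PartiallyFailed 2024-04-04T06:34:11Z 8990 9037
velero-rafay-core-backup-20240403110012 Completed 2024-04-04T03:34:02Z 9010 9010
velero-rafay-core-backup-20240403150013 InProgress <none> 120 9037
velero-rafay-core-backup-20240403130013 Completed 2024-04-04T05:34:10Z 9037 9037
velero-rafay-core-backup-20240403120013 Completed 2024-04-04T04:34:05Z 9037 9037
EOF
}

# Offline demonstration on the constructed rows.
# Against a live cluster: list_backups | latest_completed_backup
sample_rows | latest_completed_backup
```

A non-zero exit from latest_completed_backup means no restorable backup exists, which is worth alerting on before a restore is ever needed.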
Restore Procedure
Follow the steps below to restore the controller from an existing backup.
Step 1: Prepare the Controller Package
- Download and extract the controller tarball
- Ensure the config.yaml file is aligned with the previous (backup) configuration
- Update the backup_restore section in config.yaml as follows:
backup_restore:
  enabled: true
  restore: true
  bucketName: "rafay-core-backup"
  restoreFolderName: "velero-rafay-core-backup-20250519130015" # Update with latest backup folder name
  resticEnable: true
  snapshotsEnabled: true
  # External Blob Storage (MinIO) credentials (base64 encoded)
  externalBlobStorage:
    username: "" # Base64-encoded Access Key
    password: "" # Base64-encoded Secret Key
    endpoint: "" # e.g., http://<MINIO_SERVER_IP>:9000
⚠️ Ensure restoreFolderName matches the backup name to be restored.
Step 2: Initialize the Controller
sudo radm init --config config.yaml
Step 3: Deploy the Controller with Restore Enabled
sudo radm dependency --config config.yaml
sudo radm application --config config.yaml
After completion, the controller will be restored using the latest Velero backup from MinIO.