Velero for Kubernetes: Backup & Restore Stateful Workloads with Restic for Velero

This article is part of a series of blog posts on using Velero for Kubernetes backup, restore, migration & disaster recovery.

All articles in this series explore Velero in the context of AWS Elastic Kubernetes Service (EKS).

In the earlier post in this series we saw how to backup & restore stateful WordPress using AWS EBS snapshots.

In this post, we will see how to accomplish the same without snapshots, using file-system level backups alone.

But why would you want to do that?

File system backups instead of snapshots can be useful when:

  1. You are migrating workloads across AWS regions. Use S3 backups instead of migrating snapshots across regions.
  2. Migrating Kubernetes workloads across cloud providers, or from on-prem to the cloud.

Install Restic

Restic is another open-source project that provides file system backups for Velero.

Restic is not installed by default with Velero. Install it as follows:

velero install \
--backup-location-config region=ap-south-1 \
--bucket S3_BUCKET \
--default-volumes-to-restic \
--namespace velero \
--plugins velero/velero-plugin-for-aws \
--provider aws \
--secret-file ~/velero-credentials \
--use-restic true \
--use-volume-snapshots false \

Replace S3_BUCKET above with the name of your S3 bucket.

This command creates a number of resources in our cluster:

Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.

Install Velero from CLI

A quick aside.

Since this is the first time in this series we’re installing Velero using its own CLI, instead of our usual way of Helm chart, let’s take a minute to explore the different configurations of Velero installation from CLI.

No Restic. Only AWS EBS snapshots (with IAM user auth):

velero install \
--backup-location-config region=ap-south-1 \
--bucket S3_BUCKET \
--namespace velero \
--plugins velero/velero-plugin-for-aws \
--provider aws \
--secret-file ~/velero-credentials \
--snapshot-location-config region=ap-south-1 \
--use-volume-snapshots true \

No Restic. IAM role for auth:

velero install \
--backup-location-config region=ap-south-1 \
--bucket S3_BUCKET \
--namespace velero \
--plugins velero/velero-plugin-for-aws \
--pod-annotations<AWS_ACCOUNT_ID>:role/<VELERO_ROLE_NAME> \
--provider aws \
--snapshot-location-config region=ap-south-1 \
--use-volume-snapshots true \

Restic Components

Once Restic is installed & running, you should be able to see its pod(s) & DaemonSet:

> kubectl get all --namespace velero

NAME                          READY   STATUS    RESTARTS   AGE
pod/restic-dsmrm              1/1     Running   0          91s
pod/velero-75bcf46c6d-tq5lr   1/1     Running   0          91s

daemonset.apps/restic   1         1         1       1            1           <none>          92s

NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/velero   1/1     1            1           92s

NAME                                DESIRED   CURRENT   READY   AGE
replicaset.apps/velero-75bcf46c6d   1         1         1       92s

Stateful Workload

As a quick refresher, here’s what our stateful WordPress workload looks like after its installed from a Bitnami Helm chart:

> kubectl get all --namespace wordpress

NAME                             READY   STATUS    RESTARTS   AGE
pod/wordpress-7ff458b78c-9d5dv   1/1     Running   0          81m
pod/wordpress-mariadb-0          1/1     Running   0          81m

NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP                                                                PORT(S)                      AGE
service/wordpress           LoadBalancer   80:31746/TCP,443:32297/TCP   81m
service/wordpress-mariadb   ClusterIP   <none>                                                                     3306/TCP                     81m

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/wordpress   1/1     1            1           81m

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/wordpress-7ff458b78c   1         1         1       81m

NAME                                 READY   AGE
statefulset.apps/wordpress-mariadb   1/1     81m

For instructions on how to create this workload, see the previous article in this series.

Backup using Restic

Creating a Velero backup with or without Restic looks pretty much the same:

> velero backup create wordpress \
    --include-namespaces wordpress

Backup request "wordpress" submitted successfully.

Run `velero backup describe wordpress` or
`velero backup logs wordpress` for more details.

There is one obvious difference though. Instead of creating snapshots, Restic has uploaded all volume data to S3:

> velero backup describe wordpress --details

Name:         wordpress
Namespace:    velero

Phase:  Completed

Errors:    0
Warnings:  0

  Included:  wordpress
  Excluded:  <none>

  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto

TTL:  720h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2022-01-23 19:00:57 +0530 IST
Completed:  2022-01-23 19:01:16 +0530 IST

Expiration:  2022-02-22 19:00:57 +0530 IST

Total items to be backed up:  32
Items backed up:              32

Resource List:
    - wordpress/wordpress-mariadb-cd78bc67d
    - wordpress/wordpress
    - wordpress/wordpress-7ff458b78c
    - wordpress/wordpress-mariadb
    - wordpress/wordpress-mariadb-hmvnb
    - wordpress/wordpress-nknxt
    - wordpress/kube-root-ca.crt
    - wordpress/wordpress-mariadb
    - wordpress/wordpress
    - wordpress/wordpress-mariadb
    - wordpress
    - pvc-37112caf-03ec-4ddf-b0e7-0b6a05ebb2be
    - pvc-b3837378-941f-4a3d-abe6-44aeadf0158b
    - wordpress/data-wordpress-mariadb-0
    - wordpress/wordpress
    - wordpress/wordpress-7ff458b78c-9d5dv
    - wordpress/wordpress-mariadb-0
    - wordpress/default-token-jfg2q
    - wordpress/sh.helm.release.v1.wordpress.v1
    - wordpress/wordpress
    - wordpress/wordpress-mariadb
    - wordpress/wordpress-mariadb-token-tnm52
    - wordpress/wordpress
    - wordpress/wordpress-mariadb
    - wordpress/default
    - wordpress/wordpress-mariadb
    - wordpress/wordpress
    - wordpress/wordpress-wxjx9
    - wordpress/wordpress-67d3145e-bec2-4234-9690-4874a30d4098

Velero-Native Snapshots: <none included>

Restic Backups:
    wordpress/wordpress-7ff458b78c-9d5dv: wordpress-data
    wordpress/wordpress-mariadb-0: data

Next Steps

The steps to restore a Restic-based backup are the same as the steps we used in the last article for a snapshot-based backup.


In this article, we explored how & why one might use file system backups instead of snapshots with Velero.

