Enable backup/restore of k8s workloads between brokered cluster instances

User Story

In order to enable easy migration of workloads between clusters, production->staging replication practices, and simpler contingency planning, users of the brokered EKS service want to be able to backup and restore workloads.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

[ ] GIVEN I provision an EKS service \ AND I specify S3 credentials for the metastorage provision parameter AND I install the Velero CLI \ WHEN I do the stuff described here \ THEN I see output similar to what's described here \ AND I am successful in making and restoring a backup of the content of a namespace \ AND I see the backups that Velero made in /backups in the metastorage bucket.

Background

[Any helpful contextual notes or links to artifacts/evidence, if needed]

Although it's possible for users of the EKS service to develop backup/restore processes specific to their particular k8s-hosted workloads, the intent here is to have a cluster-provided backup/restore capability that "just works" for any k8s workload.

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!] Ideally customers of the broker can just refer to an existing S3 instance for the backup volume. However, that may not be possible if the broker is not operated by privileged users. So it should just accept typical S3 credentials.

Sketch

The EKS brokerpak should

[ ] deploy Velero via Helm chart during provisioning
[ ] Provide documentation for using the Velero CLI to make and restore a backup (similar to the documents linked above)
[ ] Include a link to schedule routine backups and specify a custom expiration time for backups

GSA / data.gov