OpenStack Cinder, Manila and Swift plugin for velero backups.
This plugin is included as community supported plugin by Velero organization.
Below is a matrix of plugin versions and Velero versions for which the compatibility is tested and guaranteed.
Plugin Version | Velero Version |
---|---|
v0.6.x | 1.9.x, 1.10.x 1.11.x |
v0.5.x | v1.4.x, v1.5.x, v1.6.x, v1.7.x, v1.8.x, 1.9.x, 1.10.x 1.11.x |
The order of authentication methods is following:
OS_CLOUD
when you want to authenticate using env. variables because authenticator will try to look for clouds.y(a)ml
file and use it.OS_CLOUD
environment variable to tell which cloud from clouds.y(a)ml
will be used:
OS_CLIENT_CONFIG_FILE
env. variable is specified, code will authenticate using this file.clouds.y(a)ml
in current directory.~/.config/openstack/clouds.y(a)ml
./etc/openstack/clouds.y(a)ml
.For authentication using application credentials you first need to create credentials using openstack CLI command such as openstack application credential create <NAME>
.
For more information about how to configure authentication, see one of following documents:
Both authentication options also allow you to authenticate against multiple OpenStack Clouds at the same time. The way you can leverage this functionality is scenario where you want to store backups in 2 different locations. This scenario doesn't apply for Volume Snapshots as they always need to be created in the same cloud and region as where your PVCs are created!
Example of multi-cloud BSL setup:
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
name: my-backup-in-cloud1
namespace: velero
spec:
accessMode: ReadWrite
config:
cloud: cloud1
# optional region
region: fra1
default: false
objectStorage:
bucket: velero-backup-cloud1
provider: community.openstack.org/openstack
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
name: my-backup-in-cloud2
namespace: velero
spec:
accessMode: ReadWrite
config:
cloud: cloud2
# optional region
region: lon
default: false
objectStorage:
bucket: velero-backup-cloud2
provider: community.openstack.org/openstack
There are 2 options how to install this plugin. Each method has a documentation subpage:
Swift container must have Temporary URL Key configured to make it possible to download Velero backups. In your Swift project you can execute following command to configure it:
SWIFT_TMP_URL_KEY=$(dd if=/dev/urandom | LC_ALL=C tr -dc A-Za-z0-9 | head -c 40)
swift post -m "Temp-URL-Key:${SWIFT_TMP_URL_KEY}"
Or per container Temporary URL key:
SWIFT_TMP_URL_KEY=$(dd if=/dev/urandom | LC_ALL=C tr -dc A-Za-z0-9 | head -c 40)
swift post -m "Temp-URL-Key:${SWIFT_TMP_URL_KEY}" my-container
Note: If the Swift account ID is overridden (for example, if the current authentication project scope does not correspond to the destination container project ID), you must set the corresponding valid
OS_SWIFT_TEMP_URL_KEY
environment variable.
Plugin supports multiple methods of creating a backup.
Cinder backup methods:
cinder backup create
) - see docs.enable_force_upload
Cinder option enabled on the server side).Manila backup methods:
Please note two facts regarding volume backups:
--force
. The reason is that volumes in state in-use
cannot be snapshotted without it (they would need to be detached in advance). In some cases this can make snapshot contents inconsistent!Alternative Kubernetes native solution (GA since 1.20) for volume snapshots are VolumeSnapshots using snapshot-controller.
Volume backups with Velero can also be done using Restic and Kopia. Please understand that this repository does not provide any functionality for restic and kopia and their implementation is done purely in Velero code!
There is a common similarity that restic
can use OpenStack Swift as object storage for backups. Restic way of authentication and implementation is however very different from this repository and it means that some ways of authentication that work here will not work with restic. Please refer to official restic documentation to understand how are you supposed to configure authentication variables with restic.
Recommended way of using this plugin with restic is to use authentication with environment variables and only for 1 cloud and 1 BackupStorageLocation. In the BSL you need to configure config.resticRepoPrefix: swift:<CONTAINER_NAME>:/<PATH>
- for example config.resticRepoPrefix: swift:my-awesome-container:/restic
.
# test and build code
go test -v -count 1 ./...
go mod tidy
go build
# Build and push image for linux amd64, arm64, arm
docker buildx build \
--file docker/Dockerfile \
--platform linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 \
--tag lirt/velero-plugin-for-openstack:v0.6.0 \
--build-arg VERSION=v0.6.0 \
--build-arg GIT_SHA=somesha \
--no-cache \
--push \
.
The plugin interface is built based on the official Velero plugin example.