defenseunicorns / uds-core

A secure runtime platform for mission-critical capabilities
https://uds.defenseunicorns.com
Apache License 2.0

Implement Velero volume backup capability #315

Open corang opened 5 months ago

corang commented 5 months ago

Describe the solution you'd like

Additional context

Velero isn't super useful right now since zarf/uds makes everything quite stateful. The real value of velero to us is its volume backup capability.

zack-is-cool commented 5 months ago

Specifically we need this for AWS flavored scenarios; we'd need to be able to use https://github.com/vmware-tanzu/velero-plugin-for-aws to do EBS snapshotty things and https://velero.io/docs/v1.13/file-system-backup/ for EFS. I'm not sure what the implications of this are.

If it comes down to it, would it make sense to be able to turn velero off in UDS core and delivery maintains our own AWS flavored velero zarf package?

zack-is-cool commented 5 months ago

@corang I think this might be a thing that's already supported, via @blancharda: https://github.com/defenseunicorns/uds-bundle-software-factory-nutanix/blob/main/bundles/uds-core-swf/uds-bundle.yaml#L42-L113

mjnagel commented 4 months ago

In the current state we include the AWS plugin for velero (see https://github.com/defenseunicorns/uds-core/blob/main/src/velero/values/registry1-values.yaml#L10-L16). For your specific AWS scenario this should cover EBS needs so velero should be providing some value, even if the plugin does not help with EFS.

I'm less familiar with file system backup, but it looks like it uses the same velero image and just requires some additional configuration in velero (like deployNodeAgent)? We can certainly evaluate enabling this by default, but it seems like this should be possible in core today, using bundle overrides?

It may make sense to add by default, at least for the demo bundle, since k3d's local-path would not be handled by the AWS plugin but would be covered by file system backup. Just want to make sure that this isn't a blocking issue so we can prioritize accordingly!

mjnagel commented 2 months ago

@corang / @zack-is-cool wanted to revisit this issue and see if you have had a chance to validate what I mentioned above? Is this functional today with overrides? If you're looking for this to be pre-configured and/or documented we can adjust the issue accordingly; just wanted to check in again and see if you made any progress/have lessons learned here.