From 0c8be9ddbdad8e864af3a81b3a0a68f19b98607c Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Wed, 7 Oct 2020 22:22:26 +1100
Subject: [PATCH] wip
---
 kubernetes/velero/README.md | 156 ++++++++++++++++++++++++++++++++++++
 kubernetes/velero/aws.md | 108 +++++++++++++++++++++++++
 kubernetes/velero/azure.md | 51 ++++++++++++
 3 files changed, 315 insertions(+)
 create mode 100644 kubernetes/velero/README.md
 create mode 100644 kubernetes/velero/aws.md
 create mode 100644 kubernetes/velero/azure.md
diff --git a/kubernetes/velero/README.md b/kubernetes/velero/README.md
new file mode 100644
index 0000000..fa94e95
--- /dev/null
+++ b/kubernetes/velero/README.md
@@ -0,0 +1,156 @@
+# Introduction to Velero
+
+## We need a Kubernetes cluster
+
+Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
+
+```
+kind create cluster --name velero --image kindest/node:v1.19.1
+```
+
+## Get a container to work in
+
+Run a small `alpine linux` container where we can install and play with `velero`:
+
+```
+docker run -it --rm -v ${HOME}:/root/ -v ${PWD}:/work -w /work --net host alpine sh
+
+# install curl & kubectl
+apk add --no-cache curl nano
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+export KUBE_EDITOR="nano"
+
+#test cluster access:
+/work # kubectl get nodes
+NAME STATUS ROLES AGE VERSION
+velero-control-plane Ready master 26m v1.18.4
+
+```
+
+## Velero CLI
+
+Lets download the `velero` command line tool
+I grabbed the `v1.5.1` release using `curl`
+
+You can go to the [releases](https://github.com/vmware-tanzu/velero/releases/tag/v1.5.1) page to get it
+
+```
+curl -L -o /tmp/velero.tar.gz https://github.com/vmware-tanzu/velero/releases/download/v1.5.1/velero-v1.5.1-linux-amd64.tar.gz
+tar -C /tmp -xvf /tmp/velero.tar.gz
+mv /tmp/velero-v1.5.1-linux-amd64/velero /usr/local/bin/velero
+chmod +x /usr/local/bin/velero
+
+velero --help
+```
+
+
+## Deploy some stuff
+
+```
+kubectl apply -f kubernetes/configmaps/configmap.yaml
+kubectl apply -f kubernetes/secrets/secret.yaml
+kubectl apply -f kubernetes/deployments/deployment.yaml
+kubectl apply -f kubernetes/services/service.yaml
+
+kubectl get all
+```
+
+## Create storage in Azure and AWS
+
+In this example, we'll create a storage in AWS and Azure to try both scenarios.
+You can follow along in the video
+
+Create a storage account and secret for: [Azure](./azure.md)
+Create a storage account and secret for: [AWS](./aws.md)
+
+```
+
+
+```
+## Deploy Velero for Azure
+
+Start [here](./azure.md)
+
+```
+
+# Azure credential file
+cat << EOF > /tmp/credentials-velero
+AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_STORAGE_ACCOUNT_ACCESS_KEY}
+AZURE_CLOUD_NAME=AzurePublicCloud
+EOF
+
+velero install \
+ --provider azure \
+ --plugins velero/velero-plugin-for-microsoft-azure:v1.1.0 \
+ --bucket $BLOB_CONTAINER \
+ --secret-file /tmp/credentials-velero \
+ --backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_NAME,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID \
+ --use-volume-snapshots=false
+
+
+kubectl -n velero get pods
+kubectl logs deployment/velero -n velero
+
+```
+
+## Deploy Velero for AWS
+
+Start [here](./aws.md)
+
+```
+
+cat > /tmp/credentials-velero < velero-policy.json < /tmp/key.json
+
+AWS_ACCESS_ID=`cat /tmp/key.json | jq .AccessKey.AccessKeyId | sed s/\"//g`
+AWS_ACCESS_KEY=`cat /tmp/key.json | jq .AccessKey.SecretAccessKey | sed s/\"//g`
+
+```
+
+# Export variables
+
+Let's export these variables into our Velero container
+
+Copy and paste this to the velero container:
+```
+
+printf "export AWS_ACCESS_ID=$AWS_ACCESS_ID \nexport AWS_ACCESS_KEY=$AWS_ACCESS_KEY\nexport BUCKET=$BUCKET \nexport REGION=$REGION\n"
+```
\ No newline at end of file
diff --git a/kubernetes/velero/azure.md b/kubernetes/velero/azure.md
new file mode 100644
index 0000000..5d2fd79
--- /dev/null
+++ b/kubernetes/velero/azure.md
@@ -0,0 +1,51 @@
+# Run Azure CLI
+
+```
+docker run -it --rm --entrypoint /bin/sh mcr.microsoft.com/azure-cli:2.9.1
+```
+
+# Login to Azure
+
+```
+az login
+```
+
+# Create Storage
+
+```
+AZURE_BACKUP_RESOURCE_GROUP=velero
+AZURE_STORAGE_ACCOUNT_NAME=veleromarcel
+BLOB_CONTAINER=mycluster
+AZURE_BACKUP_SUBSCRIPTION_ID=
+
+# set subscription
+az account set --subscription $AZURE_BACKUP_SUBSCRIPTION_ID
+# resource group
+az group create -n $AZURE_BACKUP_RESOURCE_GROUP --location WestUS
+
+# storage account
+az storage account create \
+ --name $AZURE_STORAGE_ACCOUNT_NAME \
+ --resource-group $AZURE_BACKUP_RESOURCE_GROUP \
+ --sku Standard_GRS
+
+# get key
+AZURE_STORAGE_ACCOUNT_ACCESS_KEY=`az storage account keys list --account-name $AZURE_STORAGE_ACCOUNT_NAME --query "[?keyName == 'key1'].value" -o tsv`
+
+# blob container
+az storage container create -n $BLOB_CONTAINER \
+ --public-access off \
+ --account-name $AZURE_STORAGE_ACCOUNT_NAME \
+ --account-key $AZURE_STORAGE_ACCOUNT_ACCESS_KEY
+
+```
+
+# Export variables
+
+Let's export these variables into our Velero container
+
+Copy and paste this to the velero container:
+```
+
+printf "export BLOB_CONTAINER=$BLOB_CONTAINER \nexport AZURE_BACKUP_RESOURCE_GROUP=$AZURE_BACKUP_RESOURCE_GROUP \nexport AZURE_STORAGE_ACCOUNT_NAME=$AZURE_STORAGE_ACCOUNT_NAME \nexport AZURE_STORAGE_ACCOUNT_ACCESS_KEY=$AZURE_STORAGE_ACCOUNT_ACCESS_KEY \nexport AZURE_BACKUP_SUBSCRIPTION_ID=$AZURE_BACKUP_SUBSCRIPTION_ID\n"
+```
\ No newline at end of file