Managed Service for Kubernetes cluster backups in Object Storage
Data in Managed Service for Kubernetes clusters are securely stored and replicated within the Nebius AI infrastructure. However, you can back up data from Managed Service for Kubernetes cluster node groups at any time and store them in Object Storage or other types of storage.
You can create backups of Managed Service for Kubernetes cluster node group data using the Velero
Tip
When working with Velero, you can use nfs
In this article, you will learn how to create a backup of a Kubernetes cluster node group using Velero, save it in Object Storage, and restore it in a node group in a different cluster:
If you no longer need the resources you created, delete them.
Getting started
-
If you don't have the Nebius AI command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter. -
Install kubectl
and configure it to work with the created cluster. -
Select Velero client
version1.10.3
or higher for your platform based on the compatibility table . -
Download the Velero client, extract the contents of the archive, and install it. For more information about installation, see the Velero documentation
. -
View a description of any Velero command:
velero --help
-
Create a bucket Object Storage:
- Name:
velero-backup
. - Storage class:
Standard
. - In the Object read access, Object listing access, and Read access to settings fields, select Limited.
- Name:
-
- Name:
velero-sa
. - Folder roles:
compute.admin
.
- Name:
-
Create a static access key for the
velero-sa
service account:ncp iam access-key create --service-account-name velero-sa
Result:
access_key: id: abcdo12h3j04******** service_account_id: ajego12h3j03******** created_at: "2020-10-19T13:22:29Z" key_id: <key ID> secret: <secret key value>
Note
Save the secret key ID and value. You will not be able to get the key value again.
-
Create a file named
credentials
with the previously received static key data:[default] aws_access_key_id=<key ID> aws_secret_access_key=<secret key value>
Backups
To back up cluster group data:
-
Create a Managed Service for Kubernetes cluster and a node group in any suitable configuration. When creating the node group, select automatic IP assignment.
-
Install kubectl
and configure it to work with the created cluster. -
Install the Velero server in the Managed Service for Kubernetes cluster:
kubectl label volumesnapshotclasses.snapshot.storage.k8s.io yc-csi-snapclass \ velero.io/csi-volumesnapshot-class="true" && \ velero install \ --backup-location-config s3Url=https://storage.ai.nebius.cloud,region=eu-north1 \ --bucket velero-backup \ --plugins velero/velero-plugin-for-aws:v1.3.0,velero/velero-plugin-for-csi:v0.2.0 \ --provider aws \ --secret-file ./credentials \ --features=EnableCSI \ --use-volume-snapshots=true \ --snapshot-location-config region=eu-north1
Where:
--backup-location-config
: Backup storage parameters. URL of Object Storage storage and region.--bucket
: Name of the backup storage bucket.--plugins
: Plugin images for AWS API compatibility.--provider
: Name of the object storage provider.--secret-file
: Full path to static access key data.--features
: List of active functionalities.--snapshot-location-config
: Availability zone where disk snapshots will be located.
Result:
CustomResourceDefinition/backups.velero.io: attempting to create resource CustomResourceDefinition/backups.velero.io: already exists, proceeding CustomResourceDefinition/backups.velero.io: created ... Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
-
Make sure the Velero pod status has changed to
Running
:kubectl get pods -n velero
-
Back up data from the Managed Service for Kubernetes cluster node group:
velero backup create my-backup
Result:
Backup request "my-backup" submitted successfully. Run `velero backup describe my-backup` or `velero backup logs my-backup` for more details.
-
Wait for the backup to complete. The value displayed in the
STATUS
field will beCompleted
.velero backup get
Result:
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR my-backup Completed 0 0 2020-10-19 17:13:25 +0300 MSK 29d default <none>
Restoring data from backups
To restore data from the Managed Service for Kubernetes cluster node group:
-
Create a new Managed Service for Kubernetes cluster and a node group in any suitable configuration. When creating the node group, select automatic IP assignment.
-
Configure kubectl to work with the new cluster.
-
Install the Velero server in the Managed Service for Kubernetes cluster:
kubectl label volumesnapshotclasses.snapshot.storage.k8s.io yc-csi-snapclass \ velero.io/csi-volumesnapshot-class="true" && \ velero install \ --backup-location-config s3Url=https://storage.ai.nebius.cloud,region=eu-north1 \ --bucket velero-backup \ --plugins velero/velero-plugin-for-aws:v1.3.0,velero/velero-plugin-for-csi:v0.2.0 \ --provider aws \ --secret-file ./credentials \ --features=EnableCSI \ --use-volume-snapshots=true \ --snapshot-location-config region=eu-north1
Where:
--backup-location-config
: Backup storage parameters. URL of Object Storage storage and region.--bucket
: Name of the backup storage bucket.--plugins
: Plugin images for AWS API compatibility.--provider
: Name of the object storage provider.--secret-file
: Full path to static access key data.--features
: List of active functionalities.--snapshot-location-config
: Select the availability zone to host disk snapshots.
Result:
CustomResourceDefinition/backups.velero.io: attempting to create resource CustomResourceDefinition/backups.velero.io: already exists, proceeding CustomResourceDefinition/backups.velero.io: created ... Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
-
Make sure the Velero pod status has changed to
Running
:kubectl get pods -n velero
-
Make sure the data backup is displayed in the new cluster:
velero backup get
Result:
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR my-backup Completed 0 0 2020-10-19 17:13:25 +0300 MSK 29d default <none>
-
Restore data from the backup:
velero restore create my-restore --exclude-namespaces velero --from-backup my-backup
Where:
--exclude-namespaces
: Parameter that allows users not to restore objects from thevelero
namespace.--from-backup
: Name of the bucket where the backup is stored.
Result:
Restore request "my-restore" submitted successfully. Run `velero restore describe my-restore` or `velero restore logs my-restore` for more details.
-
Wait for the backup restoration to complete. The value displayed in the
STATUS
field will beCompleted
.velero get restore
Result:
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR my-restore my-backup Completed 2020-10-20 14:04:55 +0300 MSK 2020-10-20 14:05:22 +0300 MSK 0 23 2020-10-20 14:04:55 +0300 MSK <none>
Delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need: