Velero/MinIO Installation

This guide explains how to install Velero and MinIO to build a reliable backup system for your Kubernetes cluster.

Why do you need Velero and MinIO?

An etcd snapshot alone only backs up Kubernetes resource definitions. To also back up actual application data (data stored in PersistentVolumes), you need Velero. MinIO serves as the S3-compatible storage where Velero stores backup data.

---

Understanding the Components

MinIO - Backup Storage

MinIO is an S3-compatible object storage that stores backup data created by Velero.

Why choose MinIO?

While you can use AWS S3, installing MinIO allows you to build backup infrastructure in on-premises environments without depending on external clouds.

• S3 Compatible: Fully compatible with AWS S3 API, allowing you to use existing S3 tools as-is.

• High Availability: Data replication via distributed mode ensures stable operation with no single point of failure.

• Lightweight: Single binary installation enables fast deployment and easy management.

• Web Console: Browser-based management UI lets you visually verify backup files.

Velero - Backup Engine

Velero is an open-source tool that backs up and restores Kubernetes resources and persistent volumes.

• Cluster Backup: Full or selective resource backup. Use for regular backups and pre-change snapshots.

• Scheduled Backup: Cron-based automatic backup. Use for daily or weekly scheduled backups.

• Disaster Recovery: Restore cluster from backup. Use for failure recovery and rollback scenarios.

• Migration: Transfer workloads between clusters. Use for cluster upgrades and environment migration.

---

Prerequisites

Verify the following conditions before starting the installation.

• Kubernetes cluster: Must be registered in KIWI. Verify on the [Runtime Environment] page.

• Cluster admin permissions: CRD installation and RBAC creation required. Contact your administrator if you lack permissions.

• Persistent storage: Must be able to create PVCs for MinIO. Verify that a StorageClass exists in the cluster.

• Storage space: Minimum 100GB recommended. Adjust based on backup target scale.

If you lack permissions

If the [Backup Management] menu is not visible or access is denied, request permission from your organization administrator. Backup infrastructure installation requires cluster administrator-level permissions.

---

MinIO Installation

First, install MinIO to prepare the storage for backup data.

Step 1: Navigate to Backup Management Page

1. Click [Backup Management] in the left menu
2. Click the Settings tab
3. Click the Install Backup Infrastructure button .

Step 2: Configure MinIO Installation Options

Proceed to the MinIO Installation step in the installation wizard and configure the following options.

Basic Settings

• Installation Mode (Recommended: Standalone)

  • Standalone: Install on a single node. Suitable for small environments with simple configuration .
  • Distributed: Distributed installation across multiple nodes. Suitable for large production environments requiring high availability .

• Namespace (Recommended: velero)

  • Installing in the same namespace as Velero simplifies network communication .

• Service Type (Recommended: ClusterIP)

  • ClusterIP: Access only from within the cluster (recommended for security)
  • NodePort: When external access via node IP is needed .
  • LoadBalancer: When using an external load balancer in cloud environments .

Storage Settings

• Storage Size (Recommended: 100Gi or more)

  • Set based on backup target scale and retention period
  • It's better to be generous since expansion is difficult later .

• StorageClass

  • Use the cluster's default StorageClass, or select one matching your performance requirements .

Determining storage size

• Small (under 50 resources): Daily backup size is approximately 100MB. For 30-day retention, allocate 50GB.
• Medium (50-500 resources): Daily backup size is approximately 1GB. For 30-day retention, allocate 200GB.
• Large (500+ resources): Daily backup size is 10GB or more. For 30-day retention, allocate 1TB or more.

Authentication Settings

• Access Key: Username for MinIO access. Auto-generation is recommended.
• Secret Key: Password for MinIO access. Use a sufficiently complex value.

Store credentials safely

Keep the Access Key and Secret Key stored securely in a separate location. If lost, you won't be able to access MinIO and will need to reconfigure Velero connections.

Step 3: Execute Installation

1. Review settings and click the Install button .
2. Installation progress is displayed on screen
   • PVC creation: Secure storage space for backup data
   • Deployment creation: Deploy MinIO server Pod
   • Service creation: Create network endpoint .
   • Secret creation: Store authentication information .
3. Success when "MinIO installation is complete" message appears .

Step 4: Check MinIO Status

Verify the following information after installation completes.

• Status: Should be Running. If there are problems, check Pod logs.

• Endpoint: Should be http://minio.velero.svc:9000. If not accessible, verify Service creation.

• Console URL: Should be http://minio-console.velero.svc:9001. This is an optional feature for management.

---

Velero Installation

After MinIO installation is complete, install Velero to activate backup functionality.

Step 1: Proceed to Velero Installation Step

1. Click the Next button after MinIO installation completes .
2. Velero installation wizard starts automatically .

Step 2: Configure Installation Options

Basic Settings

• Namespace (Recommended: velero)

  • Installing in the same namespace as MinIO makes management easier .

• Version (Recommended: latest stable)

  • Select the latest stable version unless there are specific compatibility requirements .
  • If you need to restore existing backups, verify compatibility with the Velero version that created those backups .

Backup Storage Settings

If you installed MinIO first, connection information is automatically populated.

• Provider: Auto-populated as aws. This indicates S3-compatible storage (includes MinIO).

• Bucket: Auto-populated as velero. This is the bucket for storing backup data.

• S3 URL: Auto-populated as http://minio.velero.svc:9000. This is the MinIO endpoint.

• Region: Auto-populated as minio. This is the default value since MinIO has no region concept.

Changing the bucket name

If you want to use a different name instead of the default bucket name velero, you can modify it directly. However, bucket names can only contain lowercase letters, numbers, and hyphens.

Volume Snapshot Settings (Optional but Recommended)

Enabling this option backs up actual data stored in PersistentVolumes as well.

• Enable: Whether to use PV snapshot backup feature
• Provider (Recommended: CSI)
  • CSI: Recommended for modern Kubernetes environments .
  • Cloud provider: Select for AWS EBS, GCP PD, etc. in cloud environments .

Why you should enable volume snapshots

Without volume snapshots, only Kubernetes resource definitions are backed up. To recover actual data like databases or file storage, you must enable volume snapshots.

Step 3: Execute Installation

1. Review settings and click the Install button .
2. Installation progress is displayed on screen
   • CRD installation: Velero custom resource definitions .
   • ServiceAccount and RBAC creation: Permission setup
   • Deployment creation: Deploy Velero server Pod
   • BackupStorageLocation creation: MinIO connection setup
3. Success when "Velero installation is complete" message appears .

Step 4: Verify Installation

Confirm that installation completed successfully.

• Velero Pod: Should be Running. If there are issues, check with kubectl get pods -n velero.

• BackupStorageLocation: Should be Available. If unavailable, check MinIO connection status.

• MinIO bucket: The velero bucket should exist. Verify in the MinIO console if missing.

Quickly verify installation success

After installation, if all statuses show "Normal" in the Settings tab of the [Backup Management] page, you're successful.

---

External Storage Connection

When using existing S3-compatible storage:

AWS S3 Connection

1. Select External Storage in Backup Infrastructure Installation
2. Enter S3 information:
   • Provider: aws
   • Bucket: Bucket name
   • Region: AWS region
   • Access Key ID: AWS credentials .
   • Secret Access Key: AWS credentials .

Existing MinIO Connection

1. Select External Storage
2. Enter MinIO information:
   • Provider: aws (S3 compatible)
   • S3 URL: MinIO endpoint (e.g., http://minio.example.com:9000)
   • Bucket: Bucket name
   • Access Key: MinIO access key
   • Secret Key: MinIO secret key
   • s3ForcePathStyle: true (required)

---

Backup Schedule Configuration

Create Basic Schedule

1. Click the Schedule tab on the Backup Management page
2. Click the Add Schedule button .
3. Configure schedule:

• Name: Name to identify the schedule. Use a clear name indicating purpose. (e.g., daily-backup, weekly-full-backup)
• Cron Expression: Cron expression specifying backup execution time. For example, 0 2 * * * runs at 2 AM daily. Choose a time slot with minimal service impact.
• TTL (Retention Period): How long to retain backups. Specify in hours. (e.g., 720h = 30 days, 168h = 7 days) Backups past this period are automatically deleted.
• Target: Scope of resources to back up. You can selectively back up the entire cluster or specific namespaces/resources.

Recommended Schedules

Recommended backup strategies by environment:

• Production Environment: Run daily backups (7-day retention) and weekly backups (4-week retention) in parallel. Daily backups protect recent changes, weekly backups ensure long-term recovery points.
• Development Environment: Backup once weekly with 2-week retention. Development environments are relatively easy to rebuild, so minimal backups are sufficient.
• Test Environment: Manual backup only when needed with 1-week retention. Test environments are generally easy to recreate, so regular backups aren't essential.

---

Check Installation Status

KIWI Dashboard

In Backup Management > Settings tab:

• MinIO Status: Running / Error
• Velero Status: Running / Error
• Storage Usage: Used capacity / Total capacity .
• Recent Backup: Last backup time

Verify with kubectl

# Velero Pod status
kubectl get pods -n velero

# BackupStorageLocation status
kubectl get backupstoragelocations -n velero

# Backup list
kubectl get backups -n velero

# Schedule list
kubectl get schedules -n velero

---

Troubleshooting

MinIO Installation Failure

• When PVC is Pending: No appropriate StorageClass in the cluster or unable to provision PV. Check available StorageClasses with kubectl get storageclass and create if needed.
• When Pod is CrashLoopBackOff: MinIO cannot access storage. Check PVC status with kubectl describe pvc and verify PV is correctly bound.
• When memory shortage error occurs: Insufficient resources allocated to MinIO Pod. Increase resource limits in installation options or check node available resources.

Velero Installation Failure

• When CRD installation fails: No permission to create Velero CRD (Custom Resource Definition). Verify the ServiceAccount used by KIWI has cluster administrator permissions.
• When BackupStorageLocation is Unavailable: Velero cannot connect to MinIO. Verify MinIO Pod is Running and Access Key and Secret Key are correct.
• When Plugin error occurs: Velero version and plugin version are incompatible. Check compatible plugin versions in Velero release notes and reinstall.

Backup Failure

• When PartiallyFailed: Some resource backups failed. Check detailed logs with velero backup describe <backup-name> --details and inspect failed resources.
• When storage shortage error occurs: MinIO storage capacity is full. Delete old backups or expand PVC capacity.
• When timeout occurs: Backup target data is too large to complete within time limit. Increase timeout value in Velero settings or reduce backup scope.

---

MinIO Console Access

You can access the MinIO web console to manage buckets and objects.

Access Method 1: Port Forwarding

kubectl port-forward svc/minio-console -n velero 9001:9001
# Access http://localhost:9001 in browser

Access Method 2: NodePort or Ingress

If service type is set to NodePort or LoadBalancer during installation, direct external access is available.

Login Information

• Username: Access Key (set during installation)
• Password: Secret Key (set during installation)

---

Upgrade

MinIO Upgrade

1. Click MinIO Upgrade in Backup Management > Settings
2. Select new version .
3. Execute Upgrade

Note: Backup operations may be interrupted during upgrade.

Velero Upgrade

1. Click Velero Upgrade in Backup Management > Settings
2. Select new version .
3. Confirm CRD upgrade .
4. Execute Upgrade

---

Removal

Remove Velero

1. Click Remove Velero in Backup Management > Settings
2. Select removal options:
   • Include CRD Removal: Deletes all backup data
   • Keep CRD: Preserves backup data
3. Execute Remove

Remove MinIO

1. Click Remove MinIO after Velero removal .
2. Click Remove in the confirmation dialog

Warning: Removing MinIO deletes all stored backup data.

---

Best Practices

Recommendations for effectively operating your backup infrastructure.

Storage Planning

Secure appropriate storage capacity based on cluster size.

• Small (under 50 resources): Daily backup size is approximately 100MB. For 30-day retention, allocate 50GB.

• Medium (50-500 resources): Daily backup size is approximately 1GB. For 30-day retention, allocate 200GB.

• Large (500+ resources): Daily backup size is 10GB or more. For 30-day retention, allocate 1TB or more.

Storage expansion planning

Since storage capacity is difficult to expand later, it's better to secure at least twice your current needs. As your cluster grows, backup sizes will increase accordingly.

Backup Strategy

We recommend the following strategies for a reliable backup system.

• Daily Backup: Protect operational data by running backups daily during off-peak hours.

• Weekly Full Backup: For long-term retention, run full backups every Sunday.

• Pre-Change Backup: Create manual backups before important changes like upgrades or migrations.

• Multi-Storage: Replicate backups to a different data center for disaster recovery.

Security Recommendations

Backup data security

Backup files may contain sensitive information such as Secrets and ConfigMaps. Apply the following security measures.

1. Credential management: Store MinIO Access Key and Secret Key in a secure password manager .
2. Backup encryption: Enable backup encryption options in sensitive environments .
3. Network policies: Use NetworkPolicy to restrict MinIO access to Velero Pods only .
4. Restoration testing: Perform quarterly restoration tests to verify backups actually work

---

Next Steps

Backup infrastructure installation is complete. Refer to the following guides to perform backups and restorations.

• etcd Backup: Back up Kubernetes cluster state as an etcd snapshot
• Docker Backup: Back up Docker environment containers and volumes .
• Recovery: Restore your system using backup data