Elastic Kubernetes Service (EKS) is AWS’s managed Kubernetes offering, where cluster state is stored in the etcd key-value database. Regular backups are essential for disaster recovery, and Velero is a popular tool for Kubernetes backup and migration. This guide demonstrates how to automate Velero setup on EKS using Terraform.
You Should Know:
1. Prerequisites
- AWS CLI configured with proper permissions
- Terraform installed
- kubectl configured for EKS access
- An S3 bucket for Velero backups
2. Install Velero CLI
    wget https://github.com/vmware-tanzu/velero/releases/download/v1.10.0/velero-v1.10.0-linux-amd64.tar.gz
    tar -xvzf velero-v1.10.0-linux-amd64.tar.gz
    sudo mv velero-v1.10.0-linux-amd64/velero /usr/local/bin/
3. Terraform Setup for Velero on EKS
Create a Terraform configuration (velero.tf) to deploy Velero with IAM permissions:
    resource "aws_iam_policy" "velero" {
      name        = "velero-backup-policy"
      description = "Policy for Velero to backup EKS to S3"
      policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            # EBS volume and snapshot operations used for persistent volume backups
            Effect = "Allow"
            Action = [
              "ec2:DescribeVolumes",
              "ec2:DescribeSnapshots",
              "ec2:CreateTags",
              "ec2:CreateVolume",
              "ec2:CreateSnapshot",
              "ec2:DeleteSnapshot"
            ]
            Resource = "*"
          },
          {
            # Object-level access, limited to the backup bucket's contents
            Effect = "Allow"
            Action = [
              "s3:GetObject",
              "s3:DeleteObject",
              "s3:PutObject",
              "s3:AbortMultipartUpload",
              "s3:ListMultipartUploadParts"
            ]
            Resource = "arn:aws:s3:::<YOUR_BUCKET_NAME>/*"
          }
        ]
      })
    }

    module "velero" {
      source           = "terraform-aws-modules/eks/aws//modules/velero"
      cluster_name     = "<YOUR_EKS_CLUSTER_NAME>"
      velero_version   = "v1.10.0"
      backup_s3_bucket = "<YOUR_BUCKET_NAME>"
      iam_policy_arn   = aws_iam_policy.velero.arn
    }
4. Deploy Velero to EKS
Apply Terraform:
    terraform init
    terraform apply
Verify Velero installation:
    kubectl get pods -n velero
5. Schedule a Backup
Create a backup schedule:
    velero schedule create daily-backup --schedule="@every 24h" --include-namespaces=default
Restore from backup:
    velero restore create --from-backup daily-backup-20240422
What Undercode Say
Backing up Kubernetes clusters is critical for resilience. Velero simplifies this with cloud-native backups, while Terraform automates deployment. Key takeaways:
- Always test restores from backups.
- Secure S3 buckets with encryption and access policies.
- Monitor Velero logs (kubectl logs -n velero -l app=velero).
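The second takeaway above, as an added Terraform example that is not from the original post: it locks down the backup bucket, which matters because Velero backups include the cluster's Secret manifests and the IAM policy above grants s3:DeleteObject. The resource name aws_s3_bucket.velero and the variable velero_bucket_name are assumptions; a bucket created outside Terraform would need to be imported first.

```hcl
# Added example. Assumption: the backup bucket is managed here as aws_s3_bucket.velero.
variable "velero_bucket_name" { type = string }

resource "aws_s3_bucket" "velero" {
  bucket = var.velero_bucket_name
}

# Backups contain Secret manifests, so block every form of public exposure.
resource "aws_s3_bucket_public_access_block" "velero" {
  bucket                  = aws_s3_bucket.velero.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt at rest with SSE-S3; a customer-managed KMS key would also need kms:* grants for Velero.
resource "aws_s3_bucket_server_side_encryption_configuration" "velero" {
  bucket = aws_s3_bucket.velero.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Versioning keeps prior object versions if the Velero credential deletes or overwrites backups.
resource "aws_s3_bucket_versioning" "velero" {
  bucket = aws_s3_bucket.velero.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Reject any request to the bucket that does not use TLS.
resource "aws_s3_bucket_policy" "velero_tls_only" {
  bucket = aws_s3_bucket.velero.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.velero.arn, "${aws_s3_bucket.velero.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
}
```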
Additional Linux & AWS commands for debugging:
    # Check EKS cluster status
    aws eks describe-cluster --name <CLUSTER_NAME>
    # List Velero backups
    velero backup get
    # Inspect etcd health (if self-managed)
    kubectl get pods -n kube-system | grep etcd
For Windows admins managing hybrid setups:
    # Check Kubernetes nodes
    kubectl get nodes -o wide
    # Verify AWS permissions
    aws iam list-attached-user-policies --user-name velero-user
Expected Output:
A fully automated Velero backup system for EKS, with scheduled backups and disaster recovery capabilities.
Reference:
Automating AWS EKS Backups with Velero and Terraform
References:
Reported By: Darryl Ruggles – Hackers Feeds



