Updated on 2025-07-11 GMT+08:00

Installing the Migration Tool

Velero is an open-source backup and migration tool for Kubernetes clusters. With restic's PV data backup capabilities, Velero can back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in the source cluster and data in PVs mounted to pods and uploaded them to object storage. If a disaster occurs or migration is required, the target cluster can obtain the corresponding backup data from the object storage using Velero and restore cluster resources as required.

According to Migration Solution, you will need to prepare temporary object storage to store backup files before the migration. Velero supports OBS as the object storage. For details about how to deploy Velero, see Installing Velero.

Prerequisites

  • The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
  • If you are using OBS to store backup files, you must obtain the AK/SK of a user who can operate OBS. For details, see Obtaining Access Keys (AK/SK).
  • The target CCE cluster has been created.
  • The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GiB memory or higher.

Installing Velero

You need to first go to the OBS console and create a bucket named velero for storing backup files. The bucket name can be a custom one, which must be specified when you install Velero. Otherwise, the bucket cannot be accessed and the backup will fail. For details, see 5.

  • Velero instances need to be installed and deployed in both the source and target clusters and are used for backup and restoration, respectively. The installation procedures are the same.
  • The master node of a CCE cluster does not support remote login ports. You can use kubectl to install Velero.
  • If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and node-agent to 1 vCPU and 1 GiB of memory or higher. For details, see Backup Tool Resources Are Insufficient.
  • The object storage bucket for storing backup files must be empty.

Then, you can download the latest, stable binary file from https://github.com/vmware-tanzu/velero/releases. The following uses Velero 1.15.1 as an example. The process of installing Velero in the source cluster is identical to the target cluster.

  1. Log in to a VM that can access the public network and use kubectl to access the cluster where Velero is to be installed.
  2. Download the binary file of Velero 1.15.1.

    wget https://github.com/vmware-tanzu/velero/releases/download/v1.15.1/velero-v1.15.1-linux-amd64.tar.gz

  3. Install the Velero client.

    tar -xvf velero-v1.15.1-linux-amd64.tar.gz
    cp ./velero-v1.15.1-linux-amd64/velero /usr/local/bin

  4. Create the access key file credentials-velero for the backup object storage.

    vim credentials-velero
    Replace the AK/SK in the file as required. If OBS is used, you can obtain the AK/SK by referring to Obtaining Access Keys (AK/SK).
    OBS_ACCESS_KEY=<Your AK>
    OBS_SECRET_KEY=<Your SK>

  5. Deploy the Velero server. Change the value of --bucket to the name of the created object storage bucket. In this example, the bucket name is velero. For more details about custom installation parameters, see Customize Velero Install.

    velero install \
      --provider huawei.com/huaweicloud \
      --plugins swr.ap-southeast-1.myhuaweicloud.com/huaweiclouddeveloper/velero-plugin-for-huaweicloud:v1.0.0 \
      --bucket velero \
      --secret-file ./credentials-velero \
      --use-node-agent \
      --use-volume-snapshots=false \
      --backup-location-config endpoint=obs.ap-southeast-1.myhuaweicloud.com
    Table 1 Installation parameters of Velero

    Parameter

    Description

    --provider

    Component provider.

    --plugins

    Container image address of the component.

    --bucket

    Name of the object storage bucket for storing backup files. The bucket must be created in advance.

    --secret-file

    Secret file for accessing the object storage, which is, the credentials-velero file created in 4.

    --use-node-agent

    Whether to enable PV data backup. You are advised to enable this function. Otherwise, storage volume resources cannot be backed up.

    --use-volume-snapshots

    Whether to create a VolumeSnapshotLocation object for PV snapshot, which requires support from the snapshot program. Set this parameter to false.

    --backup-location-config

    OBS bucket configuration.

    • endpoint: API access address of the OBS bucket. The value of this parameter depends on the region where the OBS bucket is located.

      For example, if the region is Hong Kong, China (ap-southeast-1), the parameter value is obs.ap-southeast-1.myhuaweicloud.com.

  6. View the pod status. By default, a namespace named velero is created for the Velero instance.

    kubectl get pod -n velero

    Information similar to the following is displayed:

    NAME                   READY   STATUS    RESTARTS   AGE
    node-agent-rn29c       1/1     Running   0          16s
    velero-c9ddd56-tkzpk   1/1     Running   0          16s

    To prevent memory insufficiency during backup in the actual production environment, you are advised to change the CPU and memory allocated to node-agent and Velero by referring to Backup Tool Resources Are Insufficient.

  7. Add environment variables to the Velero instance to read the key file for accessing the OBS bucket.

    kubectl patch deployment velero -n velero --patch \ '{"spec":{"template":{"spec":{"containers":[{"name": "velero", "env": [{"name": "HUAWEI_CLOUD_CREDENTIALS_FILE", "value": "/credentials/cloud"}]}]}}}}'

  8. Check the interconnection between Velero and OBS and ensure that the status is Available.

    velero backup-location get

    Information similar to the following is displayed:

    NAME      PROVIDER   BUCKET/PREFIX   PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
    default   ***        velero          Available   2025-06-04 17:40:55 +0800 CST   ReadWrite     true