Installing the Migration Tool

Velero is an open-source backup and migration tool for Kubernetes clusters. With restic's PV data backup capabilities, Velero can back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in the source cluster and data in PVs mounted to pods and uploaded them to object storage. If a disaster occurs or migration is required, the target cluster can obtain the corresponding backup data from the object storage using Velero and restore cluster resources as required.

According to Migration Solution, you will need to prepare temporary object storage to store backup files before the migration. Velero supports OBS as the object storage. For details about how to deploy Velero, see Installing Velero.

Prerequisites

The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
If you are using OBS to store backup files, you must obtain the AK/SK of a user who can operate OBS. For details, see Obtaining Access Keys (AK/SK).
The target CCE cluster has been created.
The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GiB memory or higher.

Installing Velero

You need to first go to the OBS console and create a bucket named velero for storing backup files. The bucket name can be a custom one, which must be specified when you install Velero. Otherwise, the bucket cannot be accessed and the backup will fail. For details, see 5.

Velero instances need to be installed and deployed in both the source and target clusters and are used for backup and restoration, respectively. The installation procedures are the same.
The master node of a CCE cluster does not support remote login ports. You can use kubectl to install Velero.
If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and node-agent to 1 vCPU and 1 GiB of memory or higher. For details, see Backup Tool Resources Are Insufficient.
The object storage bucket for storing backup files must be empty.

Then, you can download the latest, stable binary file from https://github.com/vmware-tanzu/velero/releases. The following uses Velero 1.15.1 as an example. The process of installing Velero in the source cluster is identical to the target cluster.

Download the binary file of Velero 1.15.1.

wget https://github.com/vmware-tanzu/velero/releases/download/v1.15.1/velero-v1.15.1-linux-amd64.tar.gz

Install the Velero client.

tar -xvf velero-v1.15.1-linux-amd64.tar.gz
cp ./velero-v1.15.1-linux-amd64/velero /usr/local/bin

Create the access key file credentials-velero for the backup object storage.
```
vim credentials-velero
```
Replace the AK/SK in the file as required. If OBS is used, you can obtain the AK/SK by referring to Obtaining Access Keys (AK/SK).
```
OBS_ACCESS_KEY=<Your AK>
OBS_SECRET_KEY=<Your SK>
```

Deploy the Velero server. Change the value of --bucket to the name of the created object storage bucket. In this example, the bucket name is velero. For more details about custom installation parameters, see Customize Velero Install.

velero install \
  --provider huawei.com/huaweicloud \
  --plugins swr.ap-southeast-1.myhuaweicloud.com/huaweiclouddeveloper/velero-plugin-for-huaweicloud:v1.0.0 \
  --bucket velero \
  --secret-file ./credentials-velero \
  --use-node-agent \
  --use-volume-snapshots=false \
  --backup-location-config endpoint=obs.ap-southeast-1.myhuaweicloud.com

**Table 1** Installation parameters of Velero
Parameter	Description
--provider	Component provider.
--plugins	Container image address of the component.
--bucket	Name of the object storage bucket for storing backup files. The bucket must be created in advance.
--secret-file	Secret file for accessing the object storage, which is, the credentials-velero file created in 4.
--use-node-agent	Whether to enable PV data backup. You are advised to enable this function. Otherwise, storage volume resources cannot be backed up.
--use-volume-snapshots	Whether to create a VolumeSnapshotLocation object for PV snapshot, which requires support from the snapshot program. Set this parameter to false.
--backup-location-config	OBS bucket configuration. endpoint: API access address of the OBS bucket. The value of this parameter depends on the region where the OBS bucket is located. For example, if the region is Hong Kong, China (ap-southeast-1), the parameter value is obs.ap-southeast-1.myhuaweicloud.com.

View the pod status. By default, a namespace named velero is created for the Velero instance.
```
kubectl get pod -n velero
```
Information similar to the following is displayed:
```
NAME                   READY   STATUS    RESTARTS   AGE
node-agent-rn29c       1/1     Running   0          16s
velero-c9ddd56-tkzpk   1/1     Running   0          16s
```
To prevent memory insufficiency during backup in the actual production environment, you are advised to change the CPU and memory allocated to node-agent and Velero by referring to Backup Tool Resources Are Insufficient.

Add environment variables to the Velero instance to read the key file for accessing the OBS bucket.

kubectl patch deployment velero -n velero --patch \ '{"spec":{"template":{"spec":{"containers":[{"name": "velero", "env": [{"name": "HUAWEI_CLOUD_CREDENTIALS_FILE", "value": "/credentials/cloud"}]}]}}}}'

Check the interconnection between Velero and OBS and ensure that the status is Available.

velero backup-location get

Information similar to the following is displayed:

NAME      PROVIDER   BUCKET/PREFIX   PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
default   ***        velero          Available   2025-06-04 17:40:55 +0800 CST   ReadWrite     true

Parent Topic: Procedure

Previous topic: Migrating Resources Outside a Cluster

Next topic: Migrating Resources in a Cluster (Velero)