Velero: Add option to back up all volumes by default with restic
Describe the problem/challenge you have
Right now, Velero uses an "opt-in" approach to getting volumes backups with restic. Every pod containing a volume to be backed up must be annotated with the volume's name in order for Velero/restic to back it up. This can be burdensome for users.
Describe the solution you'd like
We should consider a mode where volumes are backed up by default if restic is enabled, and the user can "opt-out" any volumes that they don't want to be backed up.
Some questions around how this should work:
- should we back up all pod volumes, or just PVCs, by default?
- what does the "opt out" UX look like? Annotation on pod/PVC?
- should we add a new spec field to backups, e.g.
ResticBackupVolumes, that must be true in order to get the opt-in behavior? Or should it be the default behavior?
xref #1586 (item 2)
skriss
All 8 comments
In my view
- Velero should backup all PVCs(excluding those are marked manually to not backed up ) available in k8s cluster those are attached to running pods(pods - which are being backed-up as part of velero backup process)
- Manual Exclusion annotation can be done at pod level or namespace level. If done at namespace level then it should ignore all its pod for restic backup and if it is done at pod level then it should ignore only that pod in that namespace.
annotation something like this
kubectl annotate namespace/"NAMESPACE_NAME" backup.velero.io/backup-volumes-excludes=yes
kubectl -n "NAMESPACE_NAME" annotate pod/"POD_NAME" backup.velero.io/backup-volumes-excludes="VOLUME_NAME"
Currently I am using bash script to do this. I run this script before full cluster backup to annotate my pod if it is recreated or some new pod added with PVC.
adityagu0910
on 12 Sep 2019
Look at backing up PVCs that don't have snapshotters by default
Annotation to opt out
skriss
on 16 Sep 2019
Would this be considered a breaking change? Users using the annotation today to backup select volumes will find that all their PVC volumes are now being backed up.
Also, what about the case where you are using both a snapshotter and restic, today I believe the annotation takes precedence, sounds like with this proposal the snapshotter will always take precedence.
prydonius
on 16 Sep 2019
Still need to flesh out a detailed proposal, but it potentially could be a breaking behavior change (though unlikely to be a breaking API change). If we're not comfortable with that, we can choose to add a flag somewhere (on the backup, on the server) to opt into this behavior.
skriss
on 16 Sep 2019
check this
https://github.com/zakkg3/podannotator
Just run annotator namespace1 namespace2 and this will annotate your pvc's to be backed up by velero.
zakkg3
on 16 Mar 2020
I added this topic to our community meeting tomorrow (3/31): https://hackmd.io/Jq6F5zqZR7S80CeDWUklkA?both#March-31-2020.
carlisia
on 31 Mar 2020
cc @stephbman
skriss
on 1 May 2020
I've added the topic to our community meeting agenda for 5/12 here: https://hackmd.io/Jq6F5zqZR7S80CeDWUklkA?view
A detailed product requirements document can be accessed here:
https://drive.google.com/file/d/1i5IQfuOtsHhGuYiiTrCZ6zjVhtKWLRqV/view?usp=sharing
Relates to these issues:
https://github.com/vmware-tanzu/velero/issues/605
https://github.com/vmware-tanzu/velero/issues/2375
cc: @skriss and @carlisia
stephbman
on 12 May 2020
Related issues
Berndinox
路
3Comments
onedr0p
路
3Comments
Berndinox
路
3Comments
nrb
路
4Comments
Yggdrasil
路
3Comments
Most helpful comment
check this
https://github.com/zakkg3/podannotator
Just run
annotator namespace1 namespace2and this will annotate your pvc's to be backed up by velero.