Example Deployment with OpenTofu Terraform

Christoph Raitzig edited this page Sep 28, 2024 · 1 revision

This page describes an example deployment of Velero with this plugin, installed through the Helm chart using OpenTofu or Terraform. You can use it as a starting point for your own deployment or as a reference for how the variables are expected to be set.

This deployment uses 4 files:

  • velero.tf: Velero helm chart deployment
  • velero-namespace.yml: Velero namespace resource
  • velero-repo-credentials.yml: Velero repo credentials
  • variables.tf: OpenTofu/Terraform variable declarations

The file contents are:

velero.tf:

resource "kubectl_manifest" "velero-namespace" {
  yaml_body = file("${path.module}/velero-namespace.yml")
}

resource "helm_release" "velero" {
  name       = "velero"
  namespace  = "velero"

  repository = "https://vmware-tanzu.github.io/helm-charts"
  chart      = "velero"
  version    = "5.3.0"

  set {
    name  = "configuration.backupStorageLocation[0].provider"
    value = "talinx.dev/webdav-object-store-plugin"
  }

  set {
    name  = "configuration.backupStorageLocation[0].bucket"
    value = var.velero_bucket
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.root"
    value = var.velero_webdav_url
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.user"
    value = var.velero_webdav_username
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.webDAVPassword"
    value = var.velero_webdav_password
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.webDAVUrl"
    value = var.velero_webdav_url
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.username"
    value = var.velero_webdav_username
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.password"
    value = var.velero_webdav_password
  }

  set {
    name  = "configuration.backupStorageLocation[0].config.bucketsDir"
    value = var.velero_bucketsdir
  }

  set {
    name  = "configuration.volumeSnapshotLocation[0].name"
    value = "not-used"
  }

  set {
    name  = "configuration.defaultVolumesToFsBackup"
    value = true
  }

  set {
    name  = "configuration.uploaderType"
    value = "kopia"
  }

  set {
    name  = "initContainers[0].name"
    value = "velero-plugin-for-webdav"
  }

  set {
    name  = "initContainers[0].image"
    value = "talinx/velero-plugin-for-webdav:1.0"
  }

  set {
    name  = "initContainers[0].volumeMounts[0].mountPath"
    value = "/target"
  }

  set {
    name  = "initContainers[0].volumeMounts[0].name"
    value = "plugins"
  }

  set {
    name  = "snapshotsEnabled"
    value = false
  }

  set {
    name  = "deployNodeAgent"
    value = true
  }

  set {
    name  = "nodeAgent.privileged"
    value = true
  }

  # --- custom image ---
  set {
    name  = "image.repository"
    value = "talinx/velero"
  }

  set {
    name  = "image.tag"
    value = "v1.13.0"
  }

  depends_on = [
    kubectl_manifest.velero-namespace
  ]
}

resource "kubectl_manifest" "velero-repo-credentials-secret" {
  yaml_body = templatefile("${path.module}/velero-repo-credentials.yml", {
    velero_repository_password: var.velero_repository_password
  })

  depends_on = [
    helm_release.velero
  ]
}

velero-namespace.yml:

apiVersion: v1
kind: Namespace
metadata:
  name: velero

velero-repo-credentials.yml:

apiVersion: v1
kind: Secret
metadata:
  name: velero-repo-credentials
  namespace: velero
data:
  # Values under "data" must be base64-encoded.
  repository-password: ${velero_repository_password}

variables.tf:

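# Must be base64-encoded: the value is placed unchanged into the Secret's "data" field.
# The default is an example value (base64 of "static-passw0rd"); set your own.
variable "velero_repository_password" {
  sensitive = true
  default   = "c3RhdGljLXBhc3N3MHJk"
  type      = string
}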

variable "velero_bucket" {
  default = "velero-backup-bucket"
  type    = string
}

variable "velero_bucketsdir" {
  default = "buckets"
  type    = string
}

variable "velero_webdav_url" {
  default = ""
  type    = string
}

variable "velero_webdav_username" {
  default = ""
  type    = string
}

variable "velero_webdav_password" {
  sensitive = true
  default   = ""
  type      = string
}

  1. Add these files to your project (if you already have a variables.tf file, append these declarations to it).
  2. Set up a WebDAV server.
  3. Set the variables, e.g. by setting the TF_VAR_... environment variables.
  4. Apply with tofu apply or terraform apply.
  5. Create a velero backup schedule.
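
The variables for step 3 can be prepared and checked before applying with a small shell helper. This is an added example, not part of the original page or the plugin's project; the function names are hypothetical and GNU coreutils base64 is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the plugin project); all function names are hypothetical.
# Assumes GNU coreutils base64.

# Default from variables.tf on this page; it is base64 of "static-passw0rd".
EXAMPLE_DEFAULT='c3RhdGljLXBhc3N3MHJk'

# The Secret template puts the value under "data", so it must be base64-encoded.
encode_repo_password() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Random 32-character alphanumeric password from the kernel CSPRNG.
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -d '\n/+=' | cut -c1-32
}

# Return 0 if the TF_VAR_... values are usable; report problems on stderr.
check_velero_vars() {
  rc=0
  for name in velero_webdav_url velero_webdav_username velero_webdav_password; do
    eval "val=\${TF_VAR_$name:-}"
    if [ -z "$val" ]; then
      echo "TF_VAR_$name is empty (variables.tf defaults it to \"\")" >&2
      rc=1
    fi
  done
  repo="${TF_VAR_velero_repository_password:-$EXAMPLE_DEFAULT}"
  if [ "$repo" = "$EXAMPLE_DEFAULT" ]; then
    echo "repository password is still the published example default" >&2
    rc=1
  elif ! printf '%s' "$repo" | base64 -d >/dev/null 2>&1; then
    # Only catches values that cannot be base64 at all (e.g. a raw passphrase
    # with spaces or punctuation).
    echo "TF_VAR_velero_repository_password is not valid base64" >&2
    rc=1
  fi
  return "$rc"
}

# Usage: source this file, then for example
#   export TF_VAR_velero_repository_password="$(encode_repo_password "$(gen_password)")"
#   check_velero_vars && tofu apply
```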

You can create backup schedules with the velero command. For example, to back up every day at 3:37 am:

velero schedule create --default-volumes-to-fs-backup --exclude-namespaces kube-system,kube-node-lease,kube-public,system-upgrade,velero,traefik,cert-manager my-backup-schedule --schedule "37 3 * * *"

This command excludes certain namespaces from backups and applies some other options. Consult the velero documentation on these. Always test your backup strategy.