Preparing the Azure Kubernetes Service cluster to back up the DevOps Test Hub data
When you want to back up the HCL DevOps Test Hub (Test Hub) data, you must prepare your Azure Kubernetes Service (AKS) cluster to store the backed-up data.
Before you begin
You must have completed the following tasks:
- Ensured that you have an Azure subscription along with an Owner or Contributor and User-Access Administrator role on the Azure subscription.
  You can create a subscription from Microsoft Azure if you do not have a valid subscription.
- Downloaded Velero 1.14.x from the Velero repository.
  CAUTION: The instructions provided in this procedure are an example of how an AKS cluster can be configured to use the Velero 1.14.x Microsoft Azure plugin for backing up and restoring the Test Hub data. The procedures to back up and restore the server data might not be valid in all scenarios.
- Copied the Velero executable file into one of the directories in the PATH environment variable.
- Installed Azure Command-Line Interface (CLI). For more information, refer to the Azure CLI documentation.
About this task
Velero is one of the tools that is available to back up and restore the server data. You must prepare your AKS cluster where you installed Test Hub before you back up the data by using Velero.
Procedure
- Run the following command to log in to AKS interactively:

      az login

  The command-line interface opens a browser and displays the Log-in page of AKS.
- Sign in with your AKS account credentials.
- Run the following command to set your active subscription:

      az account set --subscription <subscription_name>

  You must replace <subscription_name> with the name of your active Azure subscription.
- Run the following command to set the location of your AKS cluster:

      az configure --defaults location=<location_name>

  For example:

      az configure --defaults location=eastus2

  Tip: You can run the following command to get the list of all the available locations:

      az account list-locations --query "[].{DisplayName:displayName, Name:name}" -o table

- Run the following commands to deploy the Velero backup template for backing up files:

      RESOURCE_GROUP=devops
      INSTANCE=devops0
      IDENTITY_NAME=velero
      BLOB_CONTAINER=velero
      AZURE_BACKUP_RESOURCE_GROUP=Velero_Backups
      AZURE_STORAGE_ACCOUNT_ID="velero$(date -u +%s)"
      MANAGED_CLUSTER_RESOURCE_GROUP=$(az aks show -g "$RESOURCE_GROUP" -n "$INSTANCE" -o tsv --query nodeResourceGroup)
      cd hcl-devops/azure/ # Navigate to the directory where you have the installation files
      az group create -n "$AZURE_BACKUP_RESOURCE_GROUP" --location <location_name>
      az deployment group create -g "$MANAGED_CLUSTER_RESOURCE_GROUP" \
        --template-file azure/backup.bicep \
        --parameters backupResourceGroupName="$AZURE_BACKUP_RESOURCE_GROUP" \
          identityName="$IDENTITY_NAME" \
          storageAccountId="$AZURE_STORAGE_ACCOUNT_ID" \
          blobContainerName="$BLOB_CONTAINER"

  Note: You must replace <location_name> with the name of the location of your AKS cluster.
- Run the following commands to create the service account and cluster role binding:

      AZURE_SUBSCRIPTION_ID=$(az account list --query '[?isDefault].id' -o tsv)
      AZURE_TENANT_ID=$(az account show -s "$AZURE_SUBSCRIPTION_ID" --query tenantId -o tsv)
      IDENTITY_CLIENT_ID="$(az identity show -g "$MANAGED_CLUSTER_RESOURCE_GROUP" -n "$IDENTITY_NAME" --subscription "$AZURE_SUBSCRIPTION_ID" --query clientId -o tsv)"
      kubectl create namespace velero
      cat <<EOF | kubectl apply -n velero -f -
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        annotations:
          azure.workload.identity/client-id: $IDENTITY_CLIENT_ID
        name: velero
      ---
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: velero-cluster-admin
      subjects:
      - kind: ServiceAccount
        name: velero
        namespace: velero
      roleRef:
        kind: ClusterRole
        name: cluster-admin
        apiGroup: rbac.authorization.k8s.io
      EOF

- Run the following commands to establish a federated identity credential between the identity and the service account issuer and subject:

      SERVICE_ACCOUNT_ISSUER=$(az aks show --resource-group "$RESOURCE_GROUP" --name "$INSTANCE" --query oidcIssuerProfile.issuerUrl -o tsv)
      az identity federated-credential create \
        --name kubernetes-federated-credential \
        --identity-name "$IDENTITY_NAME" \
        --resource-group "$MANAGED_CLUSTER_RESOURCE_GROUP" \
        --issuer "$SERVICE_ACCOUNT_ISSUER" \
        --subject system:serviceaccount:velero:velero

- Run the following command to create the Velero credentials file that contains all the relevant environment variables:

      cat << EOF > ./credentials-velero
      AZURE_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID
      AZURE_RESOURCE_GROUP=$MANAGED_CLUSTER_RESOURCE_GROUP
      AZURE_CLOUD_NAME=AzurePublicCloud
      EOF

- Run the following command to install Velero:

      velero install \
        --provider azure \
        --plugins=velero/velero-plugin-for-microsoft-azure:v1.10.1 \
        --service-account-name velero \
        --pod-labels azure.workload.identity/use=true \
        --bucket "$BLOB_CONTAINER" \
        --secret-file ./credentials-velero \
        --backup-location-config useAAD="true",storageAccountURI="https://$AZURE_STORAGE_ACCOUNT_ID.blob.core.windows.net",resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_SUBSCRIPTION_ID \
        --snapshot-location-config apiTimeout=5m,resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_SUBSCRIPTION_ID \
        --wait

- To verify that the Velero installation is complete, run the following command and verify that the pods are running:

      kubectl get pod -n velero
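
The steps above pass shell variables from one command to the next, so a value that is empty in the current shell is written silently into credentials-velero or into the federated credential. The following checks are an added example, not part of the product documentation or of Velero: they confirm that the credentials file holds only the three non-secret settings with usable values, and that the federated credential's issuer and subject match exactly. The function names, the sample directory and all sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_credentials_file FILE: status 0 only when FILE holds exactly the three
# non-secret settings the procedure writes, each with a usable value.
# (Hypothetical helper names; sample values below are constructed.)
check_credentials_file() (
  file=$1; seen=""; rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 1; }
  while IFS='=' read -r key value || [ -n "$key" ]; do
    [ -z "$key" ] && continue
    case $key in
      AZURE_SUBSCRIPTION_ID)
        # An empty or malformed GUID means the shell variable was unset when
        # the heredoc was expanded, for example in a new terminal session.
        printf '%s\n' "$value" |
          grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' ||
          { echo "$key is not a GUID" >&2; rc=1; } ;;
      AZURE_RESOURCE_GROUP|AZURE_CLOUD_NAME)
        [ -n "$value" ] || { echo "$key is empty" >&2; rc=1; } ;;
      *)
        # Workload identity needs no client secret, so other keys are flagged.
        echo "unexpected key: $key" >&2; rc=1 ;;
    esac
    seen="$seen $key"
  done < "$file"
  for key in AZURE_SUBSCRIPTION_ID AZURE_RESOURCE_GROUP AZURE_CLOUD_NAME; do
    case " $seen " in *" $key "*) ;; *) echo "missing $key" >&2; rc=1 ;; esac
  done
  exit "$rc"
)

# check_federated_credential CLUSTER_ISSUER CRED_ISSUER CRED_SUBJECT
# Exact string match on both; the subject is the one set in the procedure.
check_federated_credential() (
  rc=0
  [ "$1" = "$2" ] || { echo "issuer differs from cluster OIDC issuer" >&2; rc=1; }
  [ "$3" = "system:serviceaccount:velero:velero" ] ||
    { echo "subject is not the velero service account" >&2; rc=1; }
  exit "$rc"
)

# Constructed samples: the file as written with the variables set, and as
# written in a shell where they were empty.
sample_dir=$(mktemp -d)
printf '%s\n' 'AZURE_SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000' \
  'AZURE_RESOURCE_GROUP=MC_example' 'AZURE_CLOUD_NAME=AzurePublicCloud' > "$sample_dir/good"
printf '%s\n' 'AZURE_SUBSCRIPTION_ID=' 'AZURE_RESOURCE_GROUP=' \
  'AZURE_CLOUD_NAME=AzurePublicCloud' > "$sample_dir/unset"
check_credentials_file "$sample_dir/good" && echo "good: accepted"
check_credentials_file "$sample_dir/unset" 2>/dev/null || echo "unset: rejected"
```

On a real cluster, pass ./credentials-velero to the first function before running velero install, and pass $SERVICE_ACCOUNT_ISSUER together with the issuer and subject stored on the federated credential to the second.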