Enabling data protection in Tanzu Mission Control using Velero

by Jeffrey Kusters 18. August 2020 Cloud-Native, VMware 0

VMware recently added data protection capabilities to Tanzu Mission Control (TMC). Data protection allows you to backup and restore Kubernetes clusters managed by Tanzu Mission Control. Data protection is enabled by the opensource Velero project that came with the Heptio acquisition.

For testing purposes, I created a Tanzu Kubernetes Grid (TKG) cluster on AWS EC2. It was deployed using TMC and I’m going to enable data protection on it:

The full instructions are available on VMware Docs and they are outstanding. With this blogpost, I want to provide an easy to digest overview of the required steps to enable data protection in TMC.

Creating the Data Protection Provider Credential in Tanzu Mission Control

Data protection currently supports backing up to Amazon S3. We first need to create a Cloud Provider Account TMC can use to access AWS resources. The wizard provides an easy to follow procedure.

TMC provides a Data Protection CloudFormation template. This template creates a CloudFormation stack which automates the creation of all the required resources in AWS, such as S3 buckets, IAM roles and so on. When the deployment of the CF Stack has completed, make sure to copy the ARN (Amazon Resource Name) of the IAM role created for the Cloud Provider Account and paste it into the wizard in TMC in step 3:

Enabling Data Protection on the Cluster

With the Cloud Provider Account created, we can now enable Data Protection on the Kubernetes cluster:

At this point, we need to provide the account credential for data protection:

After enabling Data Protection, I can see the Velero namspace created on my cluster in which the Velero server component runs in a pod:

Create a Backup in Tanzu Mission Control

All that’s left is to create our first backup in three simple steps. First, do we want to backup the entire cluster, selected namespaces or use labels?