Storage Destinations

You can use compatible Velero storage providers with the Replicated snapshot feature. For more information, see Providers in the Velero documentation.

The Replicated admin console has built-in support for using the following as storage destinations for snapshots:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure
  • Ceph and MinIO S3-compatible object stores
  • Network File System (NFS) servers
  • Local host paths

Clusters created by the Replicated Kubernetes installer are preconfigured in the admin console to store backups in the locally-provisioned object store. This configuration is sufficient only for rollbacks and downgrades and is not suitable for disaster recovery. We recommend that you configure a storage destination that is external to the cluster in the admin console.

If the admin console is running with minimal role-based access control (RBAC) privileges, you must use the kots velero ensure-permissions command because the admin console requires access to the namespace in which Velero is installed.

For more information, see velero ensure-permissions in the kots CLI documentation.

For more information about RBAC privileges for the admin console, see Kubernetes RBAC.

Prerequisites for Cloud Configurations

  • Existing clusters: Customers must install Velero before configuring snapshots. See Basic Install in the Velero documentation.
  • Kubernetes installer-created clusters: The vendor can provide the Velero add-on in the embedded cluster installation. If it is not provided, the snapshots configuration dialog in the admin console notifies you to install Velero before you can proceed with the configuration.

AWS

When configuring the admin console to store snapshots on AWS, the following fields are available:

| Name | Description |
|------|-------------|
| Region | The AWS region that the S3 bucket is available in |
| Bucket | The name of the S3 bucket to use |
| Path (Optional) | The path in the bucket to store all snapshots in |
| Access Key ID (Optional) | The AWS IAM Access Key ID that can read from and write to the bucket |
| Secret Access Key (Optional) | The AWS IAM Secret Access Key that is associated with the Access Key ID |
| Use Instance Role | When enabled, instead of providing an Access Key ID and Secret Access Key, Velero will use an instance IAM role |
| Add a CA Certificate | (Optional) Upload a third-party issued (proxy) CA certificate used for trusting the authenticity of the snapshot storage endpoint. Only one file can be uploaded. However, it is possible to concatenate multiple certificates into one file. Formats: PEM, CER, CRT, CA, and KEY |

GCP

When configuring the admin console to store snapshots on GCP, the following fields are available:

| Name | Description |
|------|-------------|
| Bucket | The name of the GCP storage bucket to use |
| Path (Optional) | The path in the bucket to store all snapshots in |
| Service Account | The GCP IAM Service Account JSON file that has permissions to read from and write to the storage location |
| Add a CA Certificate | (Optional) Upload a third-party issued (proxy) CA certificate used for trusting the authenticity of the snapshot storage endpoint. Only one file can be uploaded. However, it is possible to concatenate multiple certificates into one file. Formats: PEM, CER, CRT, CA, and KEY |

Azure

When configuring the admin console to store snapshots on Azure, the following fields are available:

| Name | Description |
|------|-------------|
| Bucket | The name of the Azure Blob Storage Container to use |
| Path (Optional) | The path in the Blob Storage Container to store all snapshots in |
| Resource Group | The Resource Group name of the target Blob Storage Container |
| Storage Account | The Storage Account Name of the target Blob Storage Container |
| Subscription ID | The Subscription ID associated with the target Blob Storage Container (required only for access via Service Principal or AAD Pod Identity) |
| Tenant ID | The Tenant ID associated with the Azure account of the target Blob Storage Container (required only for access via Service Principal) |
| Client ID | The Client ID of a Service Principal with access to the target Container (required only for access via Service Principal) |
| Client Secret | The Client Secret of a Service Principal with access to the target Container (required only for access via Service Principal) |
| Cloud Name | The Azure cloud for the target storage (options: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud) |
| Add a CA Certificate | (Optional) Upload a third-party issued (proxy) CA certificate used for trusting the authenticity of the snapshot storage endpoint. Only one file can be uploaded. However, it is possible to concatenate multiple certificates into one file. Formats: PEM, CER, CRT, CA, and KEY |

Only connections with Service Principals are supported at this time.

For more information about authentication methods and setting up Azure, see Velero plugins for Microsoft Azure in the velero-plugin-for-microsoft-azure GitHub repository.

S3-Compatible

Replicated supports the following S3-compatible object stores for storing backups with Velero:

  • Ceph RADOS v12.2.7. For more information, see the Ceph documentation.
  • MinIO. For more information, see the MinIO documentation.

When configuring the admin console to store snapshots on S3-compatible storage, the following fields are available:

| Name | Description |
|------|-------------|
| Region | The AWS region that the S3 bucket is available in |
| Endpoint | The endpoint to use to connect to the bucket |
| Bucket | The name of the S3 bucket to use |
| Path (Optional) | The path in the bucket to store all snapshots in |
| Access Key ID (Optional) | The AWS IAM Access Key ID that can read from and write to the bucket |
| Secret Access Key (Optional) | The AWS IAM Secret Access Key that is associated with the Access Key ID |
| Use Instance Role | When enabled, instead of providing an Access Key ID and Secret Access Key, Velero will use an instance IAM role |
| Add a CA Certificate | (Optional) Upload a third-party issued (proxy) CA certificate used for trusting the authenticity of the snapshot storage endpoint. Only one file can be uploaded. However, it is possible to concatenate multiple certificates into one file. Formats: PEM, CER, CRT, CA, and KEY |
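
The Add a CA Certificate field in each of the tables above accepts a single file, so several CA certificates have to be merged before upload. The following is an added example, not Replicated or Velero code: a Python helper that builds one PEM bundle from several inputs, copes with files that lack a trailing newline or use CRLF line endings, drops duplicates, and refuses private key material. It assumes the bundle should hold certificates only; the function name and the sample blocks are constructed for illustration.

```python
import base64
import re

# Any PEM block: captures the label and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def build_ca_bundle(pem_texts):
    """Merge several PEM inputs into one certificate-only bundle.

    Raises ValueError for private keys, other non-certificate blocks,
    malformed base64, non-DER payloads, or inputs with no PEM block.
    """
    seen, out = set(), []
    for i, text in enumerate(pem_texts):
        blocks = PEM_BLOCK.findall(text)
        if not blocks:
            raise ValueError(f"input {i}: no PEM block found")
        for label, body in blocks:
            if label != "CERTIFICATE":
                kind = "private key" if "PRIVATE KEY" in label else label
                raise ValueError(f"input {i}: refusing {kind} block")
            # binascii.Error raised here is a subclass of ValueError.
            der = base64.b64decode("".join(body.split()), validate=True)
            if not der.startswith(b"\x30"):  # X.509 is a DER SEQUENCE
                raise ValueError(f"input {i}: payload is not DER")
            if der in seen:  # same certificate supplied twice
                continue
            seen.add(der)
            b64 = base64.b64encode(der).decode()
            lines = [b64[j:j + 64] for j in range(0, len(b64), 64)]
            out.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                       + "\n-----END CERTIFICATE-----\n")
    return "".join(out)


def _constructed_pem(label, der, newline="\n"):
    """Sample PEM block with no trailing newline (constructed test data)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----{newline}{b64}{newline}-----END {label}-----"


# Constructed placeholders: tiny DER SEQUENCEs, not real certificates or keys.
ROOT = _constructed_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
PROXY = _constructed_pem("CERTIFICATE", b"\x30\x03\x02\x01\x02", "\r\n")
KEY = _constructed_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")

if __name__ == "__main__":
    print(build_ca_bundle([ROOT, PROXY, ROOT]), end="")
```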

Network File System (NFS)

Introduced in the Replicated app manager v1.33.0

Host Path

Introduced in the app manager v1.33.0