Velero backup considerations

Are there any considerations that self-hosted okteto clusters can to take into account for the implementation of Velero backup and restoration?

Velero is an open-source tool designed to simplify the management and protection of applications deployed within Kubernetes clusters. With its focus on backup and restore operations, Velero plays a crucial role in ensuring the availability and integrity of application data in dynamic containerized environments. To learn more, you can visit the Velero website.

Beyond its role as the likely standard for Kubernetes backups, Velero holds significant expertise as our chosen application for ensuring data integrity of the SaaS Environments.

Restoring the Okteto namespace can unfold in various scenarios, with a general guideline suggesting the optimal approach. In the event of a disaster, a best practice, whenever the registry storage is configured in a bucket, is to first restore secrets and service accounts, followed by the recreation of other components by re-installing the Helm chart. This action triggers migration jobs and reinstates webhooks, effectively responding to the situation.

A backup of the specific resources mentioned above is a requirement for a successful backup. However, there is also the option of making a backup of the entire cluster.

There are two categories for the restoration of the user namespaces and the Okteto namespaces:

  1. Same Cluster Scenario:
    In situations where restoration is within the same cluster, the most effective sequence involves restoring the Okteto namespace initially, followed by the restoration of user namespaces. By prioritizing the Okteto namespace, we ensure that the fundamental security elements, secrets, and service accounts are swiftly re-established. This provides a secure foundation for subsequent user namespace restorations. This approach acknowledges the critical role of Okteto in orchestrating user environments.
  2. New Cluster Scenario:
    Conversely, if restoration takes place in a new cluster, the recommended sequence is to first restore user namespaces, followed by the Okteto namespace. By prioritizing user namespace restoration, we swiftly recreate the individual user environments. Once these are established, the restoration of the Okteto namespace can take place. This sequential approach aligns with the new cluster’s environment setup, ensuring a streamlined and coherent restoration process.

It’s important to note that private registry configurations are not reestablished until the chart is reinstalled. Consequently, this might lead to certain pods being unable to run during this period.