v1.2.0
2019-11-07
Download
https://github.com/vmware-tanzu/velero/releases/tag/v1.2.0
Container Image
velero/velero:v1.2.0
Please note that as of this release we are no longer publishing new container images to gcr.io/heptio-images
. The existing ones will remain there for the foreseeable future.
Documentation
https://velero.io/docs/v1.2.0/
Upgrading
https://velero.io/docs/v1.2.0/upgrade-to-1.2/
Highlights
Moving Cloud Provider Plugins Out of Tree
Velero has had built-in support for AWS, Microsoft Azure, and Google Cloud Platform (GCP) since day 1. When Velero moved to a plugin architecture for object store providers and volume snapshotters in version 0.6, the code for these three providers was converted to use the plugin interface provided by this new architecture, but the cloud provider code still remained inside the Velero codebase. This put the AWS, Azure, and GCP plugins in a different position compared with other providers’ plugins, since they automatically shipped with the Velero binary and could include documentation in-tree.
With version 1.2, we’ve extracted the AWS, Azure, and GCP plugins into their own repositories, one per provider. We now also publish one plugin image per provider. This change brings these providers to parity with other providers’ plugin implementations, reduces the size of the core Velero binary by not requiring each provider’s SDK to be included, and opens the door for the plugins to be maintained and released independently of core Velero.
Restic Integration Improvements
We’ve continued to work on improving Velero’s restic integration. With this release, we’ve made the following enhancements:
- Restic backup and restore progress is now captured during execution and visible to the user through the
velero backup/restore describe --details
command. The details are updated every 10 seconds. This provides a new level of visibility into restic operations for users. - Restic backups of persistent volume claims (PVCs) now remain incremental across the rescheduling of a pod. Previously, if the pod using a PVC was rescheduled, the next restic backup would require a full rescan of the volume’s contents. This improvement potentially makes such backups significantly faster.
- Read-write-many volumes are no longer backed up once for every pod using the volume, but instead just once per Velero backup. This improvement speeds up backups and prevents potential restore issues due to multiple copies of the backup being processed simultaneously.
Clone PVs When Cloning a Namespace
Before version 1.2, you could clone a Kubernetes namespace by backing it up and then restoring it to a different namespace in the same cluster by using the --namespace-mappings
flag with the velero restore create
command. However, in this scenario, Velero was unable to clone persistent volumes used by the namespace, leading to errors for users.
In version 1.2, Velero automatically detects when you are trying to clone an existing namespace, and clones the persistent volumes used by the namespace as well. This doesn’t require the user to specify any additional flags for the velero restore create
command. This change lets you fully achieve your goal of cloning namespaces using persistent storage within a cluster.
Improved Server-Side Encryption Support
To help you secure your important backup data, we’ve added support for more forms of server-side encryption of backup data on both AWS and GCP. Specifically:
- On AWS, Velero now supports Amazon S3-managed encryption keys (SSE-S3), which uses AES256 encryption, by specifying
serverSideEncryption: AES256
in a backup storage location’s config. - On GCP, Velero now supports using a specific Cloud KMS key for server-side encryption by specifying
kmsKeyName: <key name>
in a backup storage location’s config.
CRD Structural Schema
In Kubernetes 1.16, custom resource definitions (CRDs) reached general availability. Structural schemas are required for CRDs created in the apiextensions.k8s.io/v1
API group. Velero now defines a structural schema for each of its CRDs and automatically applies it the user runs the velero install
command. The structural schemas enable the user to get quicker feedback when their backup, restore, or schedule request is invalid, so they can immediately remediate their request.
All Changes
- Ensure object store plugin processes are cleaned up after restore and after BSL validation during server start up (#2041, @betta1)
- bug fix: don't try to restore pod volume backups that don't have a snapshot ID (#2031, @skriss)
- Restore Documentation: Updated Restore Documentation with Clarification implications of removing restore object. (#1957, @nainav)
- add
--allow-partially-failed
flag tovelero restore create
for use with--from-schedule
to allow partially-failed backups to be restored (#1994, @skriss) - Allow backup storage locations to specify backup sync period or toggle off sync (#1936, @betta1)
- Remove cloud provider code (#1985, @carlisia)
- Restore action for cluster/namespace role bindings (#1974, @alexander-demichev)
- Add
--no-default-backup-location
flag tovelero install
(#1931, @Frank51) - If includeClusterResources is nil/auto, pull in necessary CRDs in backupResource (#1831, @sseago)
- Azure: add support for Azure China/German clouds (#1938, @andyzhangx)
- Add a new required
--plugins
flag forvelero install
command.--plugins
takes a list of container images to add as initcontainers. (#1930, @nrb) - restic: only backup read-write-many PVCs at most once, even if they're annotated for backup from multiple pods. (#1896, @skriss)
- Azure: add support for cross-subscription backups (#1895, @boxcee)
- adds
insecureSkipTLSVerify
server config for AWS storage and--insecure-skip-tls-verify
flag on client for self-signed certs (#1793, @s12chung) - Add check to update resource field during backupItem (#1904, @spiffcs)
- Add
LD_LIBRARY_PATH
(=/plugins) to the env variables of velero deployment. (#1893, @lintongj) - backup sync controller: stop using
metadata/revision
file, do a full diff of bucket contents vs. cluster contents each sync interval (#1892, @skriss) - bug fix: during restore, check item's original namespace, not the remapped one, for inclusion/exclusion (#1909, @skriss)
- adds structural schema to Velero CRDs created on Velero install, enabling validation of Velero API fields (#1898, @prydonius)
- GCP: add support for specifying a Cloud KMS key name to use for encrypting backups in a storage location. (#1879, @skriss)
- AWS: add support for SSE-S3 AES256 encryption via
serverSideEncryption
config field in BackupStorageLocation (#1869, @skriss) - change default
restic prune
interval to 7 days, addvelero server/install
flags for specifying an alternate default value. (#1864, @skriss) - velero install: if
--use-restic
and--wait
are specified, wait up to a minute for restic daemonset to be ready (#1859, @skriss) - report restore progress in PodVolumeRestores and expose progress in the velero restore describe --details command (#1854, @prydonius)
- Jekyll Site updates - modifies documentation to use a wider layout; adds better markdown table formatting (#1848, @ccbayer)
- fix excluding additional items with the velero.io/exclude-from-backup=true label (#1843, @prydonius)
- report backup progress in PodVolumeBackups and expose progress in the velero backup describe --details command. Also upgrades restic to v0.9.5 (#1821, @prydonius)
- Add
--features
argument to all velero commands to provide feature flags that can control enablement of pre-release features. (#1798, @nrb) - when backing up PVCs with restic, specify
--parent
flag to prevent full volume rescans after pod reschedules (#1807, @skriss) - remove 'restic check' calls from before/after 'restic prune' since they're redundant (#1794, @skriss)
- fix error formatting due interpreting % as printf formatted strings (#1781, @s12chung)
- when using
velero restore create --namespace-mappings ...
to create a second copy of a namespace in a cluster, create copies of the PVs used (#1779, @skriss) - adds --from-schedule flag to the
velero create backup
command to create a Backup from an existing Schedule (#1734, @prydonius)