Using Velero to back up your OKE cluster or migrate your workloads from AKS and EKS

Migrating to Container Engine for Kubernetes (OKE) can help you lower the costs of running your Kubernetes clusters. You might be wondering how to move your current workloads to Oracle Cloud Infrastructure (OCI), and we have the answer. Velero is an open source tool to safely back up and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. It has different plugins for various cloud providers.

Because OCI Object Storage buckets are S3-compatible, we can use the Amazon Web Services (AWS) plugin to back up to OCI, regardless of where the source cluster is hosted. You can use Velero to seamlessly migrate your workloads, such as pods, deployments, secrets, persistent volumes, claims, and services, from Microsoft Azure Kubernetes Service (AKS) or AWS Elastic Kubernetes Service (EKS) to OKE. You can also make a point-in-time backup of your OKE cluster and restore it to a new one, another region, and more.

Velero OKE solution overview

Our solution uses an OCI Object Storage bucket, which is S3-compatible, as the target to back up the source Kubernetes cluster (or the namespaces you want), including deployments, services, secrets, persistent volumes, and claims. Velero creates a folder hierarchy in the configured Object Storage bucket, similar to the following example:

After setting my customer secret keys (for the S3 API endpoint), I used Velero to migrate an AKS cluster that has an NGINX pod with a persistent volume attached in it and a custom index.html file.

PS /home/guido> kubectl get pods --namespace nginx       
NAME          READY   STATUS    RESTARTS   AGE 
task-pv-pod   1/1     Running   0          47h 
PS /home/guido> kubectl exec -it task-pv-pod --namespace nginx -- curl localhost 
AKS to OKE Migration with PVC attached

I also created a dummy secret to show Velero’s capabilities:

PS /home/guido> kubectl get secrets --namespace nginx                                               
NAME           TYPE     DATA   AGE 
okemigration   Opaque   1      2s

After running the following restore process, the whole namespace was migrated, including the data in the persistent volume:

gferreyr-mac:~ gferreyr$ velero restore describe nginxoke-20230722145553 
Name:         nginxoke-20230722145553 
Namespace:    velero 
Labels:       <none> 
Annotations:  <none> 
Phase:                       Completed 
Total items to be restored:  7 
Items restored:              7

Started:    2023-07-22 14:55:54 +0300 EEST 
Completed:  2023-07-22 14:56:45 +0300 EEST

..........

gferreyr-mac:~ gferreyr$ kubectl get pod -n nginx 
NAME          READY   STATUS    RESTARTS   AGE 
task-pv-pod   1/1     Running   0          2m15s 
gferreyr-mac:~ gferreyr$ kubectl get secrets -n nginx 
NAME           TYPE     DATA   AGE 
okemigration   Opaque   1      2m21s 
gferreyr-mac:~ gferreyr$ kubectl get pvc -n nginx 
NAME            STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE 
task-pv-claim   Bound    csi-d03267f7-32cf-4068-8809-d29aa649dcba   50Gi       RWO            oci-bv         2m31s 
gferreyr-mac:~ gferreyr$</none></none>

The following string shows proof that the data has been migrated:

gferreyr-mac:~ gferreyr$ kubectl exec task-pv-pod -n nginx -- curl http://localhost 
AKS to OKE Migration with PVC attached

If you’re planning to back up only your OKE cluster or migrate it to another region, the process is the same. Use the AWS plugin to back up OKE and restore it in your cluster. Ensure that the clusters can access Object Storage by setting up service gateways.

Want more detail?

For a detailed step-by-step guide, check this tutorial: How to migrate an AKS cluster to OKE using Velero. Don’t forget to create the configMap described in the tutorial to let Velero change the storageClassName when performing the restore. Otherwise, the pods remain in a pending state.

For more information on how to use Velero, refer to their documentation.