Title here
Summary here
Posted in cloud on January 20, 2025 by Adrian Wyssmann ‐ 2 min read
velero is a backup and restore tha allows you to
We are currently running velero. However we want to use Azure Managed Identity. Currently our setup is that we have 2 different resource groups
Looking trough the documentation, it is not very clear to me on how to specify different resource groups using ./credentials-velero
. Actually it’s quite simple. So if you are installing velero with helm you need to define the following in the values.yaml
serviceAccount:
server:
create: true
name: velero-server
annotations:
azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
podLabels:
azure.workload.identity/use: "true"
configuration.backupStorageLocation[0].config.useAAD
configuration:
backupStorageLocation:
- name: "backup-velero" # Name for the velero backup location object, where backups should be stored.
provider: azure
bucket: "velero-backup" # The bucket/blob container in which to store backups.
default: true
validationFrequency:
accessMode: ReadWrite
config:
resourceGroup: "rg-velero" # Name of the resource group containing the storage account for this backup storage location.
subscriptionId: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # ID of the subscription for this backup storage location
storageAccount: "velero" # Name of the storage account for this backup storage location
useAAD: "true"
credentials:
useSecret: true
name: azure
secretContents:
cloud: |
AZURE_TENANT_ID={{ .AZURE_TENANT_ID }}
AZURE_CLIENT_ID={{ .AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AZURE_RESOURCE_GROUP=rg-aks-pool
AZURE_CLOUD_NAME=AzurePublicCloud