This is the documentation for the latest development version of Velero. Both code and docs may be unstable, and these docs are not guaranteed to be up to date or correct. See the latest version.
Velero supports Restore Hooks, custom actions that can be executed during or after the restore process. There are two kinds of Restore Hooks:
Use an InitContainer
hook to add init containers into a pod before it’s restored. You can use these init containers to run any setup needed for the pod to resume running from its backed-up state.
The InitContainer added by the restore hook will be the first init container in the podSpec
of the restored pod.
In the case where the pod had volumes backed up using File System Backup, then, the restore hook InitContainer will be added after the restore-wait
InitContainer.
NOTE: This ordering can be altered by any mutating webhooks that may be installed in the cluster.
There are two ways to specify InitContainer
restore hooks:
Below are the annotations that can be added to a pod to specify restore hooks:
init.hook.restore.velero.io/container-image
init.hook.restore.velero.io/container-name
init.hook.restore.velero.io/command
ENTRYPOINT
for the init container being added. This command is not executed within a shell and the container image’s ENTRYPOINT
is used if this is not provided. If a shell is needed to run your command, include a shell command, like /bin/sh
, that is supported by the container at the beginning of your command. If you need multiple arguments, specify the command as a JSON array, such as ["/usr/bin/uname", "-a"]
. See
InitContainer As Pod Annotation Example. Optional.Use the below commands to add annotations to the pods before taking a backup.
$ kubectl annotate pod -n <POD_NAMESPACE> <POD_NAME> \
init.hook.restore.velero.io/container-name=restore-hook \
init.hook.restore.velero.io/container-image=alpine:latest \
init.hook.restore.velero.io/command='["/bin/ash", "-c", "date"]'
With the annotation above, Velero will add the following init container to the pod when it’s restored.
{
"command": [
"/bin/ash",
"-c",
"date"
],
"image": "alpine:latest",
"imagePullPolicy": "Always",
"name": "restore-hook"
...
}
Init container restore hooks can also be specified using the RestoreSpec
.
Please refer to the documentation on the
Restore API Type for how to specify hooks in the Restore spec.
Init container restore hook command is not executed within a shell by default. If a shell is needed to run your command, include a shell command, like /bin/sh, that is supported by the container at the beginning of your command.
Below is an example of specifying restore hooks in RestoreSpec
apiVersion: velero.io/v1
kind: Restore
metadata:
name: r2
namespace: velero
spec:
backupName: b2
excludedResources:
...
includedNamespaces:
- '*'
hooks:
resources:
- name: restore-hook-1
includedNamespaces:
- app
postHooks:
- init:
initContainers:
- name: restore-hook-init1
image: alpine:latest
volumeMounts:
- mountPath: /restores/pvc1-vm
name: pvc1-vm
command:
- /bin/ash
- -c
- echo -n "FOOBARBAZ" >> /restores/pvc1-vm/foobarbaz
- name: restore-hook-init2
image: alpine:latest
volumeMounts:
- mountPath: /restores/pvc2-vm
name: pvc2-vm
command:
- /bin/ash
- -c
- echo -n "DEADFEED" >> /restores/pvc2-vm/deadfeed
The hooks
in the above RestoreSpec
, when restored, will add two init containers to every pod in the app
namespace
{
"command": [
"/bin/ash",
"-c",
"echo -n \"FOOBARBAZ\" >> /restores/pvc1-vm/foobarbaz"
],
"image": "alpine:latest",
"imagePullPolicy": "Always",
"name": "restore-hook-init1",
"resources": {},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"volumeMounts": [
{
"mountPath": "/restores/pvc1-vm",
"name": "pvc1-vm"
}
]
...
}
and
{
"command": [
"/bin/ash",
"-c",
"echo -n \"DEADFEED\" >> /restores/pvc2-vm/deadfeed"
],
"image": "alpine:latest",
"imagePullPolicy": "Always",
"name": "restore-hook-init2",
"resources": {},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"volumeMounts": [
{
"mountPath": "/restores/pvc2-vm",
"name": "pvc2-vm"
}
]
...
}
Use an Exec Restore hook to execute commands in a restored pod’s containers after they start.
There are two ways to specify Exec
restore hooks:
If a pod has the annotation post.hook.restore.velero.io/command
then that is the only hook that will be executed in the pod.
No hooks from the restore spec will be executed in that pod.
Below are the annotations that can be added to a pod to specify exec restore hooks:
post.hook.restore.velero.io/container
post.hook.restore.velero.io/command
/bin/sh
, that is supported by the container at the beginning of your command. If you need multiple arguments, specify the command as a JSON array, such as ["/usr/bin/uname", "-a"]
. See
Exec Restore Hooks As Pod Annotation Example. Optional.post.hook.restore.velero.io/on-error
Fail
and Continue
. Defaults to Continue
. With Continue
mode, execution failures are logged only. With Fail
mode, no more restore hooks will be executed in any container in any pod and the status of the Restore will be PartiallyFailed
. Optional.post.hook.restore.velero.io/exec-timeout
post.hook.restore.velero.io/wait-timeout
post.hook.restore.velero.io/wait-for-ready
WaitForReady
flag as “true”, all the other hook executions for that pod, whatever their origin (Backup
or Restore
CRD), will wait for Ready
state too. Any value except “true” will be considered as “false”. Defaults is false. Optional.Use the below commands to add annotations to the pods before taking a backup.
$ kubectl annotate pod -n <POD_NAMESPACE> <POD_NAME> \
post.hook.restore.velero.io/container=postgres \
post.hook.restore.velero.io/command='["/bin/bash", "-c", "psql < /backup/backup.sql"]' \
post.hook.restore.velero.io/wait-timeout=5m \
post.hook.restore.velero.io/exec-timeout=45s \
post.hook.restore.velero.io/on-error=Continue
Exec restore hooks can also be specified using the RestoreSpec
.
Please refer to the documentation on the
Restore API Type for how to specify hooks in the Restore spec.
Exec restore hook command is not executed within a shell by default. If a shell is needed to run your command, include a shell command, like /bin/sh, that is supported by the container at the beginning of your command.
Below is an example of specifying restore hooks in a RestoreSpec
.
When using the restore spec it is possible to specify multiple hooks for a single pod, as this example demonstrates.
All hooks applicable to a single container will be executed sequentially in that container once it starts.
The ordering of hooks executed in a single container follows the order of the restore spec.
In this example, the pg_isready
hook is guaranteed to run before the psql
hook because they both apply to the same container and the pg_isready
hook is defined first.
If a pod has multiple containers with applicable hooks, all hooks for a single container will be executed before executing hooks in another container. In this example, if the postgres container starts before the sidecar container, both postgres hooks will run before the hook in the sidecar. This means the sidecar container may be running for several minutes before its hook is executed.
Velero guarantees that no two hooks for a single pod are executed in parallel, but hooks executing in different pods may run in parallel.
apiVersion: velero.io/v1
kind: Restore
metadata:
name: r2
namespace: velero
spec:
backupName: b2
excludedResources:
...
includedNamespaces:
- '*'
hooks:
resources:
- name: restore-hook-1
includedNamespaces:
- app
postHooks:
- exec:
execTimeout: 1m
waitTimeout: 5m
onError: Fail
container: postgres
command:
- /bin/bash
- '-c'
- 'while ! pg_isready; do sleep 1; done'
- exec:
container: postgres
waitTimeout: 6m
execTimeout: 1m
command:
- /bin/bash
- '-c'
- 'psql < /backup/backup.sql'
- exec:
container: sidecar
command:
- /bin/bash
- '-c'
- 'date > /start'
You are able to use environment variables from your pods in your pre and post hook commands by including a shell command before using the environment variable. For example, MYSQL_ROOT_PASSWORD
is an environment variable defined in pod called mysql
. To use MYSQL_ROOT_PASSWORD
in your pre-hook, you’d include a shell, like /bin/sh
, before calling your environment variable:
postHooks:
- exec:
container: mysql
command:
- /bin/sh
- -c
- mysql --password=$MYSQL_ROOT_PASSWORD -e "FLUSH TABLES WITH READ LOCK"
onError: Fail
Note that the container must support the shell command you use.
To help you get started, see the documentation.