Deploying OpenShift API for Data Protection on an ARO cluster

Prerequisites

• An ARO Cluster

Getting Started

1. Create the following environment variables, substituting appropriate values for your environment:

Prepare Azure Account

1. Create an Azure Storage Account as a backup target:

2. Create an Azure Blob storage container:

3. Create a role definition that will allow the operator minimal permissions to access the storage account where the backups are stored:

4. Create a service principal for interacting with the Azure API, being sure to take note of the appID and password from the output. In this command, we will store these as AZR_CLIENT_ID and AZR_CLIENT_SECRET and use them in a subsequent command:

IMPORTANT be sure to store the client id and client secret for your service principal, as they will be needed later in this walkthrough. You will see the below output from the above command:

Set the following variables:

5. Retrieve the object ID for the service principal you just created. This is used to assign permissions for this service principal using the previously created role:

6. Assign permissions on the storage account for the service principal using the permissions from the previously created role:

Deploy OADP on ARO Cluster

1. Create a namespace for OADP:

2. Deploy OADP Operator:

4. Wait for the operator to be ready:

5. Create a file containing all of the environment variables needed. These are stored in the cloud key of the secret created in the next step and is required by the operator to locate configuration information:

5. Create the secret that the operator will use to access the storage account. This is created from the secret file you created in the previous step:

WARNING be sure to delete the file at /tmp/credentials-velero once you are comfortable with the configuration and setup of the operator and have it working to avoid exposing sensitive credentials to anyone who may be sharing the system you are running these commands from.

6. Deploy a Data Protection Application:

Perform a Backup

1. Create a workload to backup:

2. Expose the route:

3. Make a request to see if the application is working:

If the application is working, you should see a response such as:

4. Backup workload:

5. Wait until backup is done:

NOTE backup is done when phase is Completed like below:

6. Delete the demo workload:

7. Restore from the backup:

8. Wait for the restore to finish:

NOTE restore is done when phase is Completed like below:

9. Ensure that workload is restored:

You should see:

If the application is working, you should see a response such as:

• For troubleshooting tips please refer to the OADP team’s troubleshooting documentation

• Additional sample applications can be found in the OADP team’s sample applications directory

Cleanup

IMPORTANT this is only necessary if you do not need to keep any of your work

Cleanup Cluster Resources

1. Delete the workload:

2. Delete the Data Protection Application:

2. Remove the operator if it is no longer required:

3. Remove the namespace for the operator:

4. Remove the backup and restore resources from the cluster if they are no longer required:

To delete the backup/restore and remote objects in Azure Blob storage:

5. Remove the Custom Resource Definitions from the cluster if you no longer wish to have them:

Cleanup Azure Resources

1. Delete the Azure Storage Account:

2. Delete the IAM Role:

3. Delete the Service Principal: