Step-by-Step Guide to Install OADP on OpenShift

Here’s a practical step-by-step OADP install for OpenShift, using AWS S3 as the backup location. This is the most common pattern and maps to Red Hat’s current OADP flow: install the OADP Operator, create the default credentials secret, then create a DataProtectionApplication (DPA). OADP is the supported OpenShift path for application backup/restore, and for PV snapshots your provider must support native snapshots or CSI snapshots. (Red Hat Documentation)

1. Prereqs

You need:

cluster-admin access
an S3 bucket
AWS credentials with access to the bucket
snapshot support if you want PV snapshots
oc logged into the cluster. OADP also requires a default credentials secret during installation. (Red Hat Documentation)

2. Create the OADP namespace

oc create namespace openshift-adp

Red Hat’s OADP examples use openshift-adp as the namespace. (Red Hat Documentation)

3. Install the OADP Operator

In the OpenShift web console:

go to Operators → OperatorHub
search for OADP
open OpenShift API for Data Protection
click Install
install it into openshift-adp

Wait for the operator pod to be running:

oc get pods -n openshift-adp

The Red Hat flow is to install the OADP Operator first, then configure credentials and the DPA. (Red Hat Documentation)

4. Create the AWS credentials file

Create a local file named credentials-velero:

			
cat <<'EOF' > credentials-velero
[default]

aws_access_key_id=YOUR_AWS_ACCESS_KEY_ID

aws_secret_access_key=YOUR_AWS_SECRET_ACCESS_KEY

EOF

Red Hat documents this credentials-velero pattern for AWS-backed OADP installs. (Red Hat Documentation)

5. Create the default OADP secret

Create the required secret in openshift-adp:

			
oc create secret generic cloud-credentials \
  -n openshift-adp \
  --from-file cloud=./credentials-velero

For AWS, the default secret name is cloud-credentials. Red Hat notes that the DPA install expects a default secret; otherwise installation fails. (Red Hat Documentation)

6. Create the DataProtectionApplication

Apply a DPA like this:

			
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: dpa
  namespace: openshift-adp
spec:
  backupLocations:
    - velero:
        provider: aws
        default: true
        objectStorage:
          bucket: YOUR_S3_BUCKET
          prefix: ocp-backups
        config:
          region: us-east-1
  snapshotLocations:
    - velero:
        provider: aws
        config:
          region: us-east-1
  configuration:
    velero:
      defaultPlugins:
        - openshift
        - aws
        - csi

		

Apply it:

oc apply -f dpa.yaml

The DPA is the main OADP custom resource that wires backup storage and snapshot locations, and current OpenShift docs describe these OADP objects as the supported app backup path. (Red Hat Documentation)

7. Wait for OADP to become ready

Check the DPA and pods:

			
oc get dpa -n openshift-adp
oc get pods -n openshift-adp

You want the DPA to move to a ready state before creating backups. Red Hat’s backup flow requires the DataProtectionApplication to be Ready before backup CRs are used. (Red Hat Documentation)

8. Create your first backup

Once OADP is ready, back up a namespace:

			
apiVersion: velero.io/v1
kind: Backup
metadata:
  name: app-backup
  namespace: openshift-adp
spec:
  includedNamespaces:
    - my-app
  snapshotVolumes: true
  ttl: 720h

		

Apply it:

oc apply -f backup.yaml

OADP uses Velero backup CRs for application backup and supports filtering by namespace, labels, or resource type. (Red Hat Documentation)

9. Check backup status

			
oc get backup -n openshift-adp
oc describe backup app-backup -n openshift-adp

This confirms whether the backup finished and whether volume snapshots were taken.

10. Optional: schedule automatic backups

			
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: daily-backup
  namespace: openshift-adp
spec:
  schedule: "0 2 * * *"
  template:
    includedNamespaces:
      - my-app
    snapshotVolumes: true
    ttl: 720h

		

Apply it:

oc apply -f schedule.yaml

OADP supports scheduled Velero backups through Schedule objects. (Red Hat Documentation)

11. Common mistakes

No default cloud-credentials secret
wrong bucket region
no snapshot support for your storage class
assuming OADP backs up etcd; it does not
installing into a namespace with an overly long name can cause secret-labeling issues in some OADP cases. (Red Hat Documentation)

12. Minimal install checklist

			
oc create namespace openshift-adp
# install OADP Operator from OperatorHub
oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=./credentials-velero
oc apply -f dpa.yaml
oc get dpa -n openshift-adp
oc apply -f backup.yaml
oc get backup -n openshift-adp

		

Infra Cloud Solutions

Leave a comment Cancel reply

1. Prereqs

2. Create the OADP namespace

3. Install the OADP Operator

4. Create the AWS credentials file

5. Create the default OADP secret

6. Create the DataProtectionApplication

7. Wait for OADP to become ready

8. Create your first backup

9. Check backup status

10. Optional: schedule automatic backups

11. Common mistakes

12. Minimal install checklist

Share this:

Related

Leave a comment Cancel reply