Here’s a clean, production-ready guide to installing OpenShift API for Data Protection (OADP) on Azure for OpenShift Container Platform.
What changes on Azure?
Instead of AWS S3 + EBS, you use:
- Azure Blob Storage → backup storage
- Azure Disk snapshots → persistent volumes
Architecture
OCP Cluster
↓
OADP Operator
↓
Velero (engine)
↓
Azure Blob Storage (backups) + Azure Disk Snapshots (PVs)
Step-by-step OADP install (Azure)
1. Prerequisites
You need:
- Azure Storage Account + Blob container
- Azure Service Principal (SP)
- Contributor access to:
  - resource group
  - storage account
2. Create Azure resources
Create storage account + container
az storage account create \
  --name <storage-account> \
  --resource-group <rg> \
  --location <region> \
  --sku Standard_LRS

az storage container create \
  --name velero \
  --account-name <storage-account>
3. Create Service Principal
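# Scoped to the resource group, per the prerequisites (not the whole subscription)
az ad sp create-for-rbac \
  --name oadp-sp \
  --role Contributor \
  --scopes /subscriptions/<subscription-id>/resourceGroups/<rg>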
Save output:
- appId
- password
- tenant
4. Create OADP namespace
oc create namespace openshift-adp
5. Install OADP Operator
From OperatorHub:
- Search: OADP
- Install into openshift-adp
6. Create Azure credentials file
cat <<EOF > credentials-velero
AZURE_SUBSCRIPTION_ID=<subscription-id>
AZURE_TENANT_ID=<tenant-id>
AZURE_CLIENT_ID=<appId>
AZURE_CLIENT_SECRET=<password>
AZURE_RESOURCE_GROUP=<resource-group>
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
7. Create secret in OpenShift
oc create secret generic cloud-credentials \
  -n openshift-adp \
  --from-file cloud=credentials-velero
8. Create DataProtectionApplication (Azure)
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: dpa
  namespace: openshift-adp
spec:
  backupLocations:
    - velero:
        provider: azure
        default: true
        # Secret from step 7; without this, OADP looks for its Azure
        # default secret name, cloud-credentials-azure
        credential:
          name: cloud-credentials
          key: cloud
        objectStorage:
          bucket: velero
        config:
          resourceGroup: <resource-group>
          storageAccount: <storage-account>
          subscriptionId: <subscription-id>
  snapshotLocations:
    - velero:
        provider: azure
        credential:
          name: cloud-credentials
          key: cloud
        config:
          resourceGroup: <resource-group>
          subscriptionId: <subscription-id>
  configuration:
    velero:
      defaultPlugins:
        - openshift
        - azure
        - csi
Apply:
oc apply -f dpa.yaml
9. Verify installation
oc get dpa -n openshift-adp
oc get pods -n openshift-adp
Look for:
- Velero pod running
- DPA status = Ready
10. Create your first backup
apiVersion: velero.io/v1
kind: Backup
metadata:
  name: azure-backup
  namespace: openshift-adp
spec:
  includedNamespaces:
    - my-app
  snapshotVolumes: true
  ttl: 720h
oc apply -f backup.yaml
11. Check backup
oc get backup -n openshift-adp
oc describe backup azure-backup -n openshift-adp
12. Schedule backups
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: daily-backup
  namespace: openshift-adp
spec:
  schedule: "0 2 * * *"
  template:
    includedNamespaces:
      - my-app
    snapshotVolumes: true
Azure-specific tips (IMPORTANT)
1. Permissions
Service Principal must have:
- Contributor on resource group
- Access to storage account
2. Storage account config
- Enable Blob access
- Use same region as cluster (recommended)
3. Snapshots
- Uses Azure Managed Disk snapshots
- Ensure disks are snapshot-capable
4. Networking
- If using private cluster:
  - allow access to storage endpoint
Common issues
❌ Wrong tenant/subscription ID
❌ Storage account name mismatch
❌ Missing permissions on SP
❌ Snapshot location misconfigured
❌ Network restrictions blocking Azure API
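Several of these can be caught before the secret is created. The script below is an added example, not part of the original guide or of OADP: it checks the credentials-velero file from step 6 offline. The function name check_velero_creds and its rules are assumptions chosen for illustration, including the assumption that the subscription, tenant and client IDs are GUIDs as printed by az.

```shell
#!/bin/sh
# Added example: offline pre-flight check for the credentials-velero file (step 6).
# check_velero_creds and its rules are illustrative, not part of OADP or Velero.
# Assumption: subscription, tenant and client IDs are GUIDs, as printed by az.

GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Usage: check_velero_creds FILE [STORAGE_ACCOUNT]
# Prints one line per problem; status 0 when clean, 1 otherwise.
# The body is a subshell, so variables stay local and exit only leaves the function.
check_velero_creds() (
  file=$1 sa=${2:-} rc=0
  [ -r "$file" ] || { echo "cannot read $file"; exit 1; }

  for key in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID \
             AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP AZURE_CLOUD_NAME; do
    # If a key appears more than once, check its last assignment.
    val=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)
    case $val in
      "")      echo "$key: missing or empty"; rc=1; continue ;;
      "<"*">") echo "$key: placeholder not replaced"; rc=1; continue ;;
    esac
    case $key in
      AZURE_SUBSCRIPTION_ID|AZURE_TENANT_ID|AZURE_CLIENT_ID)
        printf '%s\n' "$val" | grep -Eq "$GUID_RE" ||
          { echo "$key: not a GUID"; rc=1; } ;;
    esac
  done

  # Azure storage account names: 3-24 lowercase letters and digits.
  if [ -n "$sa" ] && ! printf '%s\n' "$sa" | grep -Eq '^[a-z0-9]{3,24}$'; then
    echo "storage account '$sa': invalid name"; rc=1
  fi

  # The file holds the client secret: group and other must have no access.
  perm=$(ls -ld "$file" | cut -c5-10)
  [ "$perm" = "------" ] || { echo "$file: group/other permissions $perm"; rc=1; }

  exit "$rc"
)
```

Run it as `check_velero_creds credentials-velero <storage-account>` before step 7, and delete the local file once the secret exists in the cluster.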
What you get after setup
- Automated backups to Azure Blob
- PV snapshots in Azure
- Full app restore capability
Production best practice
- Separate storage account for backups
- Enable lifecycle policies (retention)
- Use managed identity instead of secrets (advanced)
- Combine with etcd backups
Final takeaway
- OADP on Azure = Velero + Blob + Disk snapshots
- Same workflow as AWS, different backend
- Fully production-ready DR solution