I'm trying to create a Docker container which has the Velero CLI deployed for the purposes of issuing commands to a Velero container running in AKS in Azure. The reason behind this is that we do not want to deploy the CLI to a Linux box but rather have a container which we can pass in a command, such as "velero restore ....", let the Velero CLI perform the task, and then the container lives no more. We don't expect to have to run very many commands and management wants as few VMs in Azure as possible. Currently we do this for other tools so it is inline with how we accomplish CLI commands. However we do not want to bake in settings such backup intervals or backup locations as these will be variable among our environments such as production, staging, etc. And of course we'll want to be able to interact with Velero itself whenever needed.

Now the rub is that Velero has to know which AKS cluster to connect to along with the kubectl credentials. So we have to have the resource group, AKS cluster name, the subscription, all of that information. The parameters are straight forward except for using kubectl to grab credentials. I'd like to either pass these on to our Velero CLI container when we bring it up or alternatively install kubectl inside the Velero CLI container and have it pull credentials.

Does anyone have any experience with this who could provide some insight on best practices for accomplishing this task? We are running Velero 1.6.1 in AKS currently.