Preface

In general, we restore a K8s cluster from an etcd backup. But sometimes we accidentally delete a namespace: suppose it holds hundreds of services, all lost in an instant. What do we do?

Of course, you could redeploy everything through CI/CD, but that would take a long time. This is where VMware's Velero comes in.

Velero can help us:

  • Disaster recovery: back up and restore K8s clusters
  • Migration: copy cluster resources to other clusters (replicating and synchronizing the cluster configuration of development, test, and production environments, which simplifies environment setup)

Let me show you how to use Velero for backup and migration.

Velero address: github.com/vmware-tanz…

ACK plugin address: github.com/AliyunConta…

Download the Velero client

Velero consists of a client and a server: the server is deployed on the target K8s cluster, and the client is a command-line tool that runs locally.

  • Go to Velero’s Release page and download the client directly from GitHub
  • Unpack the release package
  • Move the velero binary from the package to a directory in $PATH
  • Run velero -h to test

Deploy the velero-plugin plug-in

Pull the code

git clone https://github.com/AliyunContainerService/velero-plugin

Configuration changes

Edit install/credentials-velero and fill in the AccessKeyID and AccessKeySecret of the newly created user:

ALIBABA_CLOUD_ACCESS_KEY_ID=<ALIBABA_CLOUD_ACCESS_KEY_ID>
ALIBABA_CLOUD_ACCESS_KEY_SECRET=<ALIBABA_CLOUD_ACCESS_KEY_SECRET>
ALIBABA_CLOUD_OSS_ENDPOINT=<ALIBABA_CLOUD_OSS_ENDPOINT>
# Edit 'install/01-velero.yaml' and fill in the OSS configuration:
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: velero
  name: velero

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    component: velero
  name: velero
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: velero
  namespace: velero

---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  labels:
    component: velero
  name: default
  namespace: velero
spec:
  config:
    region: cn-beijing
  objectStorage:
    bucket: k8s-backup-test
    prefix: test
  provider: alibabacloud

---
apiVersion: velero.io/v1
kind: VolumeSnapshotLocation
metadata:
  labels:
    component: velero
  name: default
  namespace: velero
spec:
  config:
    region: cn-beijing
  provider: alibabacloud

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: velero
  namespace: velero
spec:
  replicas: 1
  selector:
    matchLabels:
      deploy: velero
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "8085"
        prometheus.io/scrape: "true"
      labels:
        component: velero
        deploy: velero
    spec:
      serviceAccountName: velero
      containers:
      - name: velero
        # synced from velero/velero:v1.2.0
        image: registry.cn-hangzhou.aliyuncs.com/acs/velero:v1.2.0
        imagePullPolicy: IfNotPresent
        command:
          - /velero
        args:
          - server
          - --default-volume-snapshot-locations=alibabacloud:default
        env:
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
        volumeMounts:
          - mountPath: /plugins
            name: plugins
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
      initContainers:
      - image: registry.cn-hangzhou.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.2-991b590
        imagePullPolicy: IfNotPresent
        name: velero-plugin-alibabacloud
        volumeMounts:
        - mountPath: /target
          name: plugins
      volumes:
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials

Deploy the Velero service to K8s

# Create the namespace
kubectl create namespace velero
# Deploy the credentials-velero secret
kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=install/credentials-velero
# Deploy the CRDs
kubectl apply -f install/00-crds.yaml
# Deploy Velero
kubectl apply -f install/01-velero.yaml
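
The cloud-credentials secret carries a long-lived AccessKey, and install/01-velero.yaml binds the velero service account to cluster-admin, so it is worth checking install/credentials-velero before loading it. The following is an added example, not part of the original article or the plugin repository; the function name check_credentials_file is hypothetical, and it assumes the three-key file format shown above.

```shell
#!/bin/sh
# Added example: pre-flight check for install/credentials-velero, run before
# `kubectl create secret generic cloud-credentials ...`.
# check_credentials_file is a hypothetical helper name.
#
# Usage: check_credentials_file install/credentials-velero

check_credentials_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    rc=0

    # Any group/other read or write bit exposes the AccessKey to other
    # local users; the file should be mode 600.
    if [ -n "$(find "$f" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))" ]; then
        echo "permissions too open (want 600): $f"
        rc=1
    fi

    # Every key must be present and must no longer hold the <PLACEHOLDER>
    # text from the template.
    for key in ALIBABA_CLOUD_ACCESS_KEY_ID \
               ALIBABA_CLOUD_ACCESS_KEY_SECRET \
               ALIBABA_CLOUD_OSS_ENDPOINT; do
        val=$(sed -n "s/^${key}=//p" "$f" | head -n 1)
        case $val in
            '')      echo "not set: $key"; rc=1 ;;
            '<'*'>') echo "placeholder left in place: $key"; rc=1 ;;
        esac
    done
    return $rc
}
```

The function prints one line per problem and returns non-zero if any check fails, so it can gate the kubectl create secret step.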

Backup test

Here we use Velero to back up the resources of a cluster so that they can be recovered quickly after a failure or an operator mistake. First we deploy the following YAML:

---
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-example
  labels:
    app: nginx

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: nginx-example
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.7.9
        name: nginx
        ports:
        - containerPort: 80

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: my-nginx
  namespace: nginx-example
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx

You can take a full backup or back up only one namespace. This section backs up only one namespace: nginx-example

[rsync@velero-plugin]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running   0          6m31s
nginx-deployment-5c689d88bb-rt2zk   1/1     Running   0          6m32s

[rsync@velero]$ cd velero-v1.4.0-linux-amd64/
[rsync@velero-v1.4.0-linux-amd64]$ ll
total 56472
drwxrwxr-x 4 rsync rsync     4096 Jun  1 15:02 examples
-rw-r--r-- 1 rsync rsync    10255 Dec 10 01:08 LICENSE
-rwxr-xr-x 1 rsync rsync 57810814 May 27 04:33 velero
[rsync@velero-v1.4.0-linux-amd64]$ ./velero backup create nginx-backup --include-namespaces nginx-example --wait
Backup request "nginx-backup" submitted successfully.
Waiting for backup to complete. You may safely press ctrl-c to stop waiting - your backup will continue in the background.
.
Backup completed with status: Completed. You may check for more information using the commands `velero backup describe nginx-backup` and `velero backup logs nginx-backup`.

Delete the namespace

[rsync@velero-v1.4.0-linux-amd64]$ kubectl delete namespaces nginx-example
namespace "nginx-example" deleted
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
No resources found.

Restore

[rsync@velero-v1.4.0-linux-amd64]$ ./velero restore create --from-backup nginx-backup --wait
Restore request "nginx-backup-20200603180922" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.

Restore completed with status: Completed. You may check for more information using the commands `velero restore describe nginx-backup-20200603180922` and `velero restore logs nginx-backup-20200603180922`.
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS              RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running             0          5s
nginx-deployment-5c689d88bb-rt2zk   0/1     ContainerCreating   0          5s

Migration works the same way as backup and restore. Now let's look at a special case: deploy a new project after the backup was taken, and check whether a restore deletes the newly deployed project.

# The newly deployed tomcat project
[rsync@tomcat-test]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running   0          65m
nginx-deployment-5c689d88bb-rt2zk   1/1     Running   0          65m
tomcat-test-sy-677ff78f6b-rc5vq     1/1     Running   0          7s

Restore

[rsync@velero-v1.4.0-linux-amd64]$ ./velero restore create --from-backup nginx-backup
Restore request "nginx-backup-20200603191726" submitted successfully.
Run `velero restore describe nginx-backup-20200603191726` or `velero restore logs nginx-backup-20200603191726` for more details.
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running   0          68m
nginx-deployment-5c689d88bb-rt2zk   1/1     Running   0          68m
tomcat-test-sy-677ff78f6b-rc5vq     1/1     Running   0          2m33s
# As you can see, nothing was overwritten.

Delete the nginx deployment, then restore

[rsync@velero-v1.4.0-linux-amd64]$ kubectl delete deployment nginx-deployment -n nginx-example
deployment.extensions "nginx-deployment" deleted
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                              READY   STATUS    RESTARTS   AGE
tomcat-test-sy-677ff78f6b-rc5vq   1/1     Running   0          4m18s
[rsync@velero-v1.4.0-linux-amd64]$ ./velero restore create --from-backup nginx-backup
Restore request "nginx-backup-20200603191949" submitted successfully.
Run `velero restore describe nginx-backup-20200603191949` or `velero restore logs nginx-backup-20200603191949` for more details.
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS              RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running             0          2s
nginx-deployment-5c689d88bb-rt2zk   0/1     ContainerCreating   0          2s
tomcat-test-sy-677ff78f6b-rc5vq     1/1     Running             0          4m49s
# As can be seen, there is no impact on our tomcat project.

Note: Velero restores only resources that do not exist in the current cluster. Existing resources are not rolled back to previous versions. If a rollback is required, delete the existing resources before restoring.

Advanced usage

You can set up a periodic scheduled backup

# Back up at 1:00 every day
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *"
# Back up at 1:00 every day and retain each backup for 48 hours
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *" --ttl 48h
# Back up every 6 hours
velero create schedule <SCHEDULE NAME> --schedule="@every 6h"
# Back up the web namespace once a day
velero create schedule <SCHEDULE NAME> --schedule="@every 24h" --include-namespaces web

The name of a scheduled backup is '<SCHEDULE NAME>-<TIMESTAMP>', and the restore command is 'velero restore create --from-backup <SCHEDULE NAME>-<TIMESTAMP>'.
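
Choosing which scheduled backup to restore, as an added example that is not part of the original article or of Velero: the function names latest_scheduled_backup and restore_command_for are hypothetical, the list of backup names is assumed to arrive on stdin one per line, and <TIMESTAMP> is taken to be the 14-digit YYYYMMDDHHMMSS form seen in the restore names above.

```shell
#!/bin/sh
# Added example: pick the newest backup that belongs to one schedule and
# build the restore command for it. Both function names are hypothetical.
# Input: backup names on stdin, one per line (producing that list is left
# to the caller).

latest_scheduled_backup() {
    sched=$1
    awk -v s="$sched" '
        # The name must be exactly "<schedule>-" followed by 14 digits.
        # A plain prefix match would let schedule "web" pick up backups
        # that belong to a schedule called "web-prod".
        index($0, s "-") == 1 {
            ts = substr($0, length(s) + 2)
            if (ts ~ /^[0-9]+$/ && length(ts) == 14 && ts > best) {
                best = ts      # fixed-width digits: string order is time order
                name = $0
            }
        }
        END { if (name != "") print name; else exit 1 }
    '
}

restore_command_for() {
    # Prints the restore command for the newest backup of schedule $1,
    # or fails without printing a command when no backup matches.
    name=$(latest_scheduled_backup "$1") || {
        echo "no backup found for schedule: $1" >&2
        return 1
    }
    printf 'velero restore create --from-backup %s\n' "$name"
}
```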

To back up and restore persistent volumes, perform the following operations:

velero backup create nginx-backup-volume --snapshot-volumes --include-namespaces nginx-example


The backup creates snapshots of the cloud disks in the region where the cluster resides (NAS and OSS storage are currently not supported). A snapshot can only be restored in the same region.

The recovery command is as follows:

velero  restore create --from-backup nginx-backup-volume --restore-volumes


Delete the backup

  1. Method 1: delete the backup directly with a command
velero delete backups default-backup

  2. Method 2: set automatic expiration by adding the TTL parameter when creating the backup
velero backup create <BACKUP-NAME> --ttl <DURATION>

You can also add a specific label to the resource. The labeled resource is excluded during backup.

# Add the label
kubectl label -n <ITEM_NAMESPACE> <RESOURCE>/<NAME> velero.io/exclude-from-backup=true
# Label the default namespace
kubectl label -n default namespace/default velero.io/exclude-from-backup=true
