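Cloud Container Engine (CCE)

    CCE Cluster Backup

    Introduction

    CCE lets users back up and restore Kubernetes clusters in the cloud with the open-source tool Velero. Typical scenarios are accidental cluster operations, cluster failure, and cluster migration.

    What Velero provides:

    • Disaster recovery: the ability to back up and restore a k8s cluster
    • Migration: the ability to copy cluster resources to another cluster

    How it differs from an etcd backup:

    • An etcd backup requires etcd operations permissions, and users of managed clusters on CCE cannot operate on etcd
    • An etcd backup is better suited to backing up data within a single cluster and is a poor fit for cluster migration
    • An etcd backup captures the current state, whereas Velero can back up only part of the resources in a cluster

    Installation

    To use Velero's backup and restore features on CCE, you need to install and configure velero and velero-baiducloud-plugin.

    • 1. Download the official Velero release
    • 2. Download the YAML files needed for installation
    • 3. Create your BOS bucket on Baidu Cloud
    • 4. Get your AK and SK on Baidu Cloud
    • 5. Install velero and velero-plugin on the Baidu Cloud CCE cluster

    1. Download the official Velero release

    • Download the official Velero release for your system
    • Extract the tarball:

      tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
    • Move the velero binary into a directory on your system PATH

    2. Download the YAML files needed for installation, file 1: install-crd.yaml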

    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: backups.velero.io
    spec:
      group: velero.io
      names:
        kind: Backup
        listKind: BackupList
        plural: backups
        singular: backup
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: backupstoragelocations.velero.io
    spec:
      group: velero.io
      names:
        kind: BackupStorageLocation
        listKind: BackupStorageLocationList
        plural: backupstoragelocations
        singular: backupstoragelocation
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: deletebackuprequests.velero.io
    spec:
      group: velero.io
      names:
        kind: DeleteBackupRequest
        listKind: DeleteBackupRequestList
        plural: deletebackuprequests
        singular: deletebackuprequest
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: downloadrequests.velero.io
    spec:
      group: velero.io
      names:
        kind: DownloadRequest
        listKind: DownloadRequestList
        plural: downloadrequests
        singular: downloadrequest
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: podvolumebackups.velero.io
    spec:
      group: velero.io
      names:
        kind: PodVolumeBackup
        listKind: PodVolumeBackupList
        plural: podvolumebackups
        singular: podvolumebackup
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: podvolumerestores.velero.io
    spec:
      group: velero.io
      names:
        kind: PodVolumeRestore
        listKind: PodVolumeRestoreList
        plural: podvolumerestores
        singular: podvolumerestore
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: resticrepositories.velero.io
    spec:
      group: velero.io
      names:
        kind: ResticRepository
        listKind: ResticRepositoryList
        plural: resticrepositories
        singular: resticrepository
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: restores.velero.io
    spec:
      group: velero.io
      names:
        kind: Restore
        listKind: RestoreList
        plural: restores
        singular: restore
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: schedules.velero.io
    spec:
      group: velero.io
      names:
        kind: Schedule
        listKind: ScheduleList
        plural: schedules
        singular: schedule
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: serverstatusrequests.velero.io
    spec:
      group: velero.io
      names:
        kind: ServerStatusRequest
        listKind: ServerStatusRequestList
        plural: serverstatusrequests
        singular: serverstatusrequest
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true
    ---
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      labels:
        component: velero
      name: volumesnapshotlocations.velero.io
    spec:
      group: velero.io
      names:
        kind: VolumeSnapshotLocation
        listKind: VolumeSnapshotLocationList
        plural: volumesnapshotlocations
        singular: volumesnapshotlocation
      scope: Namespaced
      version: v1
      versions:
      - name: v1
        served: true
        storage: true

    3. Download the YAML files needed for installation, file 2: install-velero.yaml

    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      namespace: velero
      name: velero
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        component: velero
      name: velero
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: velero
      namespace: velero
    ---
    apiVersion: velero.io/v1
    kind: BackupStorageLocation
    metadata:
      labels:
        component: velero
      name: default
      namespace: velero
    spec:
      config: {}
      objectStorage:
        bucket: <BUCKET>
        prefix: ""
      provider: baiducloud
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: velero
      namespace: velero
    spec:
      replicas: 1
      selector:
        matchLabels:
          deploy: velero
      template:
        metadata:
          annotations:
            prometheus.io/path: /metrics
            prometheus.io/port: "8085"
            prometheus.io/scrape: "true"
          labels:
            component: velero
            deploy: velero
        spec:
          serviceAccountName: velero
          containers:
          - name: velero
            image: hub.baidubce.com/jpaas-public/velero:latest
            imagePullPolicy: Always
            command:
              - /velero
              - --log-level=debug
              - --backup-sync-period=1m
            args:
              - server
            env:
              - name: VELERO_SCRATCH_DIR
                value: /scratch
              - name: BAIDU_CLOUD_CREDENTIALS_FILE
                value: /credentials/cloud
            volumeMounts:
              - mountPath: /plugins
                name: plugins
              - mountPath: /scratch
                name: scratch
              - mountPath: /credentials
                name: cloud-credentials
          initContainers:
          - image: hub.baidubce.com/jpaas-public/velero-plugin-baiducloud:v0.3
            imagePullPolicy: Always
            name: velero-plugin-baiducloud
            volumeMounts:
            - mountPath: /target
              name: plugins
          volumes:
            - emptyDir: {}
              name: plugins
            - emptyDir: {}
              name: scratch
            - name: cloud-credentials
              secret:
                secretName: cloud-credentials

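    4. Create your BOS bucket on Baidu Cloud

    Velero needs object storage to hold its backup data. Create your BOS bucket on Baidu Cloud, then replace the bucket name in install-velero.yaml by running the following commands: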

    BUCKET=<YOUR_BUCKET>
    sed -i "s#<BUCKET>#$BUCKET#" install-velero.yaml

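    5. Get the Access Key and Secret Key of your Baidu Cloud user

    For more information about the AK and SK, see: How to obtain the AK and SK

    Create or edit the file credentials-velero in the current directory with the following content: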

    BAIDU_CLOUD_ACCESS_KEY_ID=<BAIDU_CLOUD_ACCESS_KEY_ID>
    BAIDU_CLOUD_SECRET_ACCESS_KEY=<BAIDU_CLOUD_SECRET_ACCESS_KEY>
    BAIDU_CLOUD_BOS_ENDPOINT=<BAIDU_CLOUD_BOS_ENDPOINT>

    BAIDU_CLOUD_BOS_ENDPOINT has the form ***.bcebos.com. For the endpoint of each region, see the BOS user documentation.
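The check below is an added example, not part of the CCE documentation: a POSIX shell function that validates credentials-velero before the file is loaded into the cloud-credentials Secret. The function name check_velero_credentials and the owner-only file mode requirement (600 or 400) are assumptions of this example; the three key names and the .bcebos.com endpoint form come from the text above.

```shell
#!/bin/sh
# Added example (not from the CCE docs): validate credentials-velero before
# it is loaded into the cloud-credentials Secret.
# check_velero_credentials FILE -> 0 if usable, 1 otherwise (reasons on stderr).
# Values are never echoed, so the AK/SK do not end up in terminal logs.
check_velero_credentials() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 1
    fi
    # The file holds a long-lived AK/SK pair: only the owner should read it.
    # (Assumed policy of this example; GNU stat first, BSD stat as fallback.)
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        600|400) ;;
        *) echo "mode $mode is too open, run: chmod 600 $file" >&2; rc=1 ;;
    esac
    for key in BAIDU_CLOUD_ACCESS_KEY_ID BAIDU_CLOUD_SECRET_ACCESS_KEY \
               BAIDU_CLOUD_BOS_ENDPOINT; do
        # Last assignment wins; strip a trailing CR left by Windows editors.
        value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1 | tr -d '\r')
        case $value in
            '') echo "$key is missing or empty" >&2; rc=1 ;;
            *'<'*|*'>'*) echo "$key still holds a template placeholder" >&2; rc=1 ;;
            *[[:space:]]*) echo "$key contains whitespace" >&2; rc=1 ;;
        esac
        if [ "$key" = BAIDU_CLOUD_BOS_ENDPOINT ] && [ -n "$value" ]; then
            case $value in
                *://*|*/*) echo "endpoint must be a bare host name" >&2; rc=1 ;;
                ?*.bcebos.com) ;;
                *) echo "endpoint must end in .bcebos.com" >&2; rc=1 ;;
            esac
        fi
    done
    return $rc
}
```

Run it as `check_velero_credentials credentials-velero` and create the Secret only when it returns 0.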

    6. Install velero and velero-plugin on the Baidu Cloud CCE cluster

    • 1. Create the namespace velero:

      kubectl create namespace velero
    • 2. Create the secret cloud-credentials:

      kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=credentials-velero
    • 3. Create velero and velero-plugin:

      kubectl apply -f install-crd.yaml
      kubectl apply -f install-velero.yaml

    To reinstall or uninstall velero, run the following commands:

    kubectl delete namespace/velero clusterrolebinding/velero
    kubectl delete crds -l component=velero

    Velero is now fully installed.

    Usage

    Once installed, Velero is used in the same way as the open-source Velero; see the official documentation for more operations.

    Cluster backup and restore example:

    • 1. Create the nginx example resources (no PV)

    Download the example file: base.yaml

    ---
    apiVersion: v1
    kind: Namespace
    metadata:
      name: nginx-example
      labels:
        app: nginx
    ---
    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: nginx-example
    spec:
      replicas: 2
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: hub.baidubce.com/cce/nginx-alpine-go:latest
            name: nginx
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx
      name: my-nginx
      namespace: nginx-example
    spec:
      ports:
      - port: 80
        targetPort: 80
      selector:
        app: nginx
      type: LoadBalancer

    kubectl apply -f base.yaml
    • 2. Create a backup named nginx-backup:

      velero backup create nginx-backup --include-namespaces nginx-example
    • 3. Delete the nginx example resources:

      kubectl delete namespaces nginx-example
    • 4. Restore the resources from the nginx-backup backup:

      velero restore create --from-backup nginx-backup
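Step 3 deletes the namespace that step 2 has just backed up, so the backup should have reached a terminal phase first. The function below is an added example, not part of the CCE documentation: it polls the Backup object in the velero namespace and succeeds only on phase Completed. The name wait_for_backup and the timeout and interval defaults are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CCE docs): block until a Velero backup reaches
# a terminal phase, so live resources are not deleted before it is usable.
# wait_for_backup NAME [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
#   returns 0 = Completed, 1 = a failed phase, 2 = timed out
wait_for_backup() {
    name=$1
    timeout=${2:-300}    # assumed default
    interval=${3:-5}     # assumed default
    waited=0
    while :; do
        # Backup objects live in the velero namespace created during install.
        # A failed lookup (object not synced yet) is treated as "no phase".
        phase=$(kubectl -n velero get backups.velero.io "$name" \
                    -o jsonpath='{.status.phase}' 2>/dev/null) || phase=
        case $phase in
            Completed)
                echo "backup $name completed"
                return 0 ;;
            *Failed*)   # Failed, PartiallyFailed, FailedValidation
                echo "backup $name ended in phase $phase" >&2
                return 1 ;;
        esac
        if [ "$waited" -ge "$timeout" ]; then
            echo "backup $name still '${phase:-unknown}' after ${timeout}s" >&2
            return 2
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Only remove the live resources once the backup is known to be good:
#   wait_for_backup nginx-backup && kubectl delete namespaces nginx-example
```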

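    Notes:

    • 1. Cluster backup on CCE does not yet support backing up PVs and PVCs
    • 2. CCE implements the Velero cloud-provider plugin; for questions about using Velero itself, see the Velero documentation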