CCE Cluster Backup
          Introduction

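          CCE lets users back up and restore Kubernetes clusters in the cloud with the open-source tool velero. Typical scenarios are recovery from operator error, cluster failure, and cluster migration.

          What velero provides:

          • Disaster recovery: the ability to back up and restore a k8s cluster
          • Migration: the ability to copy cluster resources to another cluster

          Differences from an etcd backup:

          • An etcd backup requires etcd operations privileges, and users of CCE managed clusters cannot operate etcd
          • An etcd backup is better suited to backing up data within a single cluster and is a poor fit for cluster migration
          • An etcd backup captures the current state, whereas velero can back up just a subset of the resources in a cluster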

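          Installation

          To use velero's backup and restore features on CCE, you need to install and configure velero and velero-baiducloud-plugin.

          • 1. Download the official Velero release
          • 2. Download the YAML files required for installation
          • 3. Create your BOS bucket on Baidu Cloud
          • 4. Obtain your AK and SK on Baidu Cloud
          • 5. Install velero and velero-plugin on the Baidu Cloud CCE cluster

          1. Download the official Velero release

          • Download the official Velero release for your system
          • Extract the tarball:

            tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
          • Move the velero binary to a directory on your system PATH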

          2. Download the YAML files required for installation, file 1: install-crd.yaml

          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: backups.velero.io
          spec:
            group: velero.io
            names:
              kind: Backup
              listKind: BackupList
              plural: backups
              singular: backup
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: backupstoragelocations.velero.io
          spec:
            group: velero.io
            names:
              kind: BackupStorageLocation
              listKind: BackupStorageLocationList
              plural: backupstoragelocations
              singular: backupstoragelocation
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: deletebackuprequests.velero.io
          spec:
            group: velero.io
            names:
              kind: DeleteBackupRequest
              listKind: DeleteBackupRequestList
              plural: deletebackuprequests
              singular: deletebackuprequest
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: downloadrequests.velero.io
          spec:
            group: velero.io
            names:
              kind: DownloadRequest
              listKind: DownloadRequestList
              plural: downloadrequests
              singular: downloadrequest
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: podvolumebackups.velero.io
          spec:
            group: velero.io
            names:
              kind: PodVolumeBackup
              listKind: PodVolumeBackupList
              plural: podvolumebackups
              singular: podvolumebackup
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: podvolumerestores.velero.io
          spec:
            group: velero.io
            names:
              kind: PodVolumeRestore
              listKind: PodVolumeRestoreList
              plural: podvolumerestores
              singular: podvolumerestore
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: resticrepositories.velero.io
          spec:
            group: velero.io
            names:
              kind: ResticRepository
              listKind: ResticRepositoryList
              plural: resticrepositories
              singular: resticrepository
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: restores.velero.io
          spec:
            group: velero.io
            names:
              kind: Restore
              listKind: RestoreList
              plural: restores
              singular: restore
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: schedules.velero.io
          spec:
            group: velero.io
            names:
              kind: Schedule
              listKind: ScheduleList
              plural: schedules
              singular: schedule
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: serverstatusrequests.velero.io
          spec:
            group: velero.io
            names:
              kind: ServerStatusRequest
              listKind: ServerStatusRequestList
              plural: serverstatusrequests
              singular: serverstatusrequest
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true
          ---
          apiVersion: apiextensions.k8s.io/v1beta1
          kind: CustomResourceDefinition
          metadata:
            labels:
              component: velero
            name: volumesnapshotlocations.velero.io
          spec:
            group: velero.io
            names:
              kind: VolumeSnapshotLocation
              listKind: VolumeSnapshotLocationList
              plural: volumesnapshotlocations
              singular: volumesnapshotlocation
            scope: Namespaced
            version: v1
            versions:
            - name: v1
              served: true
              storage: true

          3. Download the YAML files required for installation, file 2: install-velero.yaml

          ---
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            namespace: velero
            name: velero
          ---
          apiVersion: rbac.authorization.k8s.io/v1
          kind: ClusterRoleBinding
          metadata:
            labels:
              component: velero
            name: velero
          roleRef:
            apiGroup: rbac.authorization.k8s.io
            kind: ClusterRole
            name: cluster-admin
          subjects:
          - kind: ServiceAccount
            name: velero
            namespace: velero
          ---
          apiVersion: velero.io/v1
          kind: BackupStorageLocation
          metadata:
            labels:
              component: velero
            name: default
            namespace: velero
          spec:
            config: {}
            objectStorage:
              bucket: <BUCKET>
              prefix: ""
            provider: baiducloud
          ---
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: velero
            namespace: velero
          spec:
            replicas: 1
            selector:
              matchLabels:
                deploy: velero
            template:
              metadata:
                annotations:
                  prometheus.io/path: /metrics
                  prometheus.io/port: "8085"
                  prometheus.io/scrape: "true"
                labels:
                  component: velero
                  deploy: velero
              spec:
                serviceAccountName: velero
                containers:
                - name: velero
                  image: hub.baidubce.com/jpaas-public/velero:latest
                  imagePullPolicy: Always
                  command:
                    - /velero
                    - --log-level=debug
                    - --backup-sync-period=1m
                  args:
                    - server
                  env:
                    - name: VELERO_SCRATCH_DIR
                      value: /scratch
                    - name: BAIDU_CLOUD_CREDENTIALS_FILE
                      value: /credentials/cloud
                  volumeMounts:
                    - mountPath: /plugins
                      name: plugins
                    - mountPath: /scratch
                      name: scratch
                    - mountPath: /credentials
                      name: cloud-credentials
                initContainers:
                - image: hub.baidubce.com/jpaas-public/velero-plugin-baiducloud:v0.3
                  imagePullPolicy: Always
                  name: velero-plugin-baiducloud
                  volumeMounts:
                  - mountPath: /target
                    name: plugins
                volumes:
                  - emptyDir: {}
                    name: plugins
                  - emptyDir: {}
                    name: scratch
                  - name: cloud-credentials
                    secret:
                      secretName: cloud-credentials

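          4. Create your BOS bucket on Baidu Cloud

          Velero needs object storage to hold the backup data. Create your BOS bucket on Baidu Cloud, then replace the bucket name in install-velero.yaml by running the following commands:

          BUCKET=<YOUR_BUCKET>
          sed -i "s#<BUCKET>#$BUCKET#" install-velero.yaml

          5. Obtain the Access Key and Secret Key of your Baidu Cloud user

          For more information about AK and SK, see: How to obtain an AK and SK

          Create or edit the file credentials-velero in the current directory with the following content:

          BAIDU_CLOUD_ACCESS_KEY_ID=<BAIDU_CLOUD_ACCESS_KEY_ID>
          BAIDU_CLOUD_SECRET_ACCESS_KEY=<BAIDU_CLOUD_SECRET_ACCESS_KEY>
          BAIDU_CLOUD_BOS_ENDPOINT=<BAIDU_CLOUD_BOS_ENDPOINT>

          BAIDU_CLOUD_BOS_ENDPOINT has the form ***.bcebos.com. For the endpoint of each region, see: BOS user documentation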

          6. Install velero and velero-plugin on the Baidu Cloud CCE cluster

          • 1. Create the namespace: velero
          kubectl create namespace velero
          • 2. Create the secret: cloud-credentials
          kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=credentials-velero
          • 3. Create velero and velero-plugin
          kubectl apply -f install-crd.yaml
          kubectl apply -f install-velero.yaml
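
Before running the kubectl commands in step 6, it is worth checking the files prepared in steps 4 and 5: credentials-velero holds a long-lived AK/SK pair, and a leftover placeholder would otherwise be applied to the cluster as is. The following shell functions are an added example, not part of the CCE documentation; the function names check_credentials and check_manifest are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks to run before step 6.
# Function names are hypothetical; file and key names come from this page.

# check_credentials FILE: succeed only if FILE is safe to load into the secret.
check_credentials() {
    f=$1
    [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    # The file holds a long-lived AK/SK pair: allow owner access only.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        600|400) ;;
        *) echo "$f has mode $mode, expected 600" >&2; return 1 ;;
    esac
    for key in BAIDU_CLOUD_ACCESS_KEY_ID BAIDU_CLOUD_SECRET_ACCESS_KEY \
               BAIDU_CLOUD_BOS_ENDPOINT; do
        val=$(sed -n "s/^$key=//p" "$f" | head -n 1)
        case $val in
            ''|*'<'*|*'>'*)
                echo "$key is empty or still a placeholder" >&2; return 1 ;;
        esac
    done
    # val now holds the endpoint, the last key checked in the loop.
    case $val in
        *[!A-Za-z0-9.-]*) ;;   # scheme, path, spaces or a stray CR: reject below
        ?*.bcebos.com) return 0 ;;
    esac
    echo "endpoint '$val' is not of the form ***.bcebos.com" >&2
    return 1
}

# check_manifest FILE: succeed only if <BUCKET> was replaced with a real name.
check_manifest() {
    if grep -q '<BUCKET>' "$1"; then
        echo "$1 still contains the <BUCKET> placeholder" >&2
        return 1
    fi
    grep -q '^ *bucket: *[^ ]' "$1" || { echo "no bucket set in $1" >&2; return 1; }
}
```

Run `chmod 600 credentials-velero` after creating the file, then `check_credentials credentials-velero && check_manifest install-velero.yaml` before the `kubectl create secret` command.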

          If you need to reinstall or uninstall velero, run the following commands:

          kubectl delete namespace/velero clusterrolebinding/velero
          kubectl delete crds -l component=velero

          This completes the velero installation.

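          Usage

          Once installation succeeds, velero is used exactly as the open-source velero is. For more operations, see the official documentation.

          Cluster backup and restore example:

          • 1. Create the nginx example resources (without a PV)

          Download the example file: base.yaml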

          ---
          apiVersion: v1
          kind: Namespace
          metadata:
            name: nginx-example
            labels:
              app: nginx
          ---
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            namespace: nginx-example
          spec:
            selector:
              matchLabels:
                app: nginx
            replicas: 2
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                - image: hub.baidubce.com/cce/nginx-alpine-go:latest
                  name: nginx
                  ports:
                  - containerPort: 80
          ---
          apiVersion: v1
          kind: Service
          metadata:
            labels:
              app: nginx
            name: my-nginx
            namespace: nginx-example
          spec:
            ports:
            - port: 80
              targetPort: 80
            selector:
              app: nginx
            type: LoadBalancer

          kubectl apply -f base.yaml
          • 2. Create a backup named nginx-backup
          velero backup create nginx-backup --include-namespaces nginx-example
          • 3. Delete the nginx example resources:
          kubectl delete namespaces nginx-example
          • 4. Restore the resources from the nginx-backup backup:
          velero restore create --from-backup nginx-backup
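
`velero backup create` returns as soon as the backup request has been submitted, so step 3 should not delete the namespace until the backup has actually finished. The following shell functions are an added example, not part of the CCE documentation: the names backup_phase and wait_for_backup are hypothetical, and they read status.phase from the Backup object in the velero namespace.

```shell
#!/bin/sh
# Added example: guard the destructive step 3 on the outcome of step 2.
# Function names are hypothetical; the namespace and CRD name come from this page.

# backup_phase NAME: print status.phase of the Backup object NAME.
backup_phase() {
    kubectl -n velero get backups.velero.io "$1" -o jsonpath='{.status.phase}'
}

# wait_for_backup NAME [TRIES] [DELAY]: succeed only once the backup is Completed.
wait_for_backup() {
    name=$1
    tries=${2:-60}
    delay=${3:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        # A failed lookup (object not visible yet) counts as "no phase yet".
        phase=$(backup_phase "$name") || phase=""
        case $phase in
            Completed) return 0 ;;
            PartiallyFailed|Failed|FailedValidation)
                echo "backup $name ended in phase $phase" >&2
                return 1 ;;
        esac
        i=$((i + 1))
        sleep "$delay"
    done
    echo "backup $name not finished after $tries checks (last phase: ${phase:-unknown})" >&2
    return 1
}

# Usage, replacing steps 2 and 3 above:
#   velero backup create nginx-backup --include-namespaces nginx-example
#   wait_for_backup nginx-backup && kubectl delete namespaces nginx-example
```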

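          Notes:

          • 1. Cluster backup on CCE does not yet support backing up PVs and PVCs
          • 2. CCE implements the velero cloud-provider plugin; for questions about using velero itself, see the velero documentation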