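CCE Cluster Backup
Last updated: 2022-12-01
Introduction
CCE lets users back up and restore Kubernetes clusters in the cloud with the open-source tool Velero. This covers scenarios such as accidental operations on a cluster, cluster failure, and cluster migration.
What Velero provides:
- Disaster recovery: the ability to back up and restore a k8s cluster
- Migration: the ability to copy cluster resources to another cluster
Differences from etcd backup:
- Backing up etcd requires etcd operations privileges; users of managed clusters on CCE cannot operate etcd
- etcd backup is better suited to backing up data within a single cluster and is a poor fit for cluster migration
- etcd backup captures the current state, whereas Velero can back up only a subset of the resources in the cluster
Installation
To use Velero's backup and restore features on CCE, you need to install and configure velero and velero-baiducloud-plugin
- 1. Download the official Velero release
- 2. Download the YAML files required for installation
- 3. Create your BOS bucket on Baidu Cloud
- 4. Obtain your AK and SK on Baidu Cloud
- 5. Install velero and velero-plugin on the Baidu Cloud CCE cluster
1. Download the official Velero release
- Download the official Velero release for your system
- Extract the tarball:
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
- Move the velero binary into a directory on your system PATH
2. Download the YAML files required for installation, file 1: install-crd.yaml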
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: backups.velero.io
spec:
  group: velero.io
  names:
    kind: Backup
    listKind: BackupList
    plural: backups
    singular: backup
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: backupstoragelocations.velero.io
spec:
  group: velero.io
  names:
    kind: BackupStorageLocation
    listKind: BackupStorageLocationList
    plural: backupstoragelocations
    singular: backupstoragelocation
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: deletebackuprequests.velero.io
spec:
  group: velero.io
  names:
    kind: DeleteBackupRequest
    listKind: DeleteBackupRequestList
    plural: deletebackuprequests
    singular: deletebackuprequest
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: downloadrequests.velero.io
spec:
  group: velero.io
  names:
    kind: DownloadRequest
    listKind: DownloadRequestList
    plural: downloadrequests
    singular: downloadrequest
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: podvolumebackups.velero.io
spec:
  group: velero.io
  names:
    kind: PodVolumeBackup
    listKind: PodVolumeBackupList
    plural: podvolumebackups
    singular: podvolumebackup
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: podvolumerestores.velero.io
spec:
  group: velero.io
  names:
    kind: PodVolumeRestore
    listKind: PodVolumeRestoreList
    plural: podvolumerestores
    singular: podvolumerestore
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: resticrepositories.velero.io
spec:
  group: velero.io
  names:
    kind: ResticRepository
    listKind: ResticRepositoryList
    plural: resticrepositories
    singular: resticrepository
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: restores.velero.io
spec:
  group: velero.io
  names:
    kind: Restore
    listKind: RestoreList
    plural: restores
    singular: restore
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: schedules.velero.io
spec:
  group: velero.io
  names:
    kind: Schedule
    listKind: ScheduleList
    plural: schedules
    singular: schedule
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: serverstatusrequests.velero.io
spec:
  group: velero.io
  names:
    kind: ServerStatusRequest
    listKind: ServerStatusRequestList
    plural: serverstatusrequests
    singular: serverstatusrequest
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: volumesnapshotlocations.velero.io
spec:
  group: velero.io
  names:
    kind: VolumeSnapshotLocation
    listKind: VolumeSnapshotLocationList
    plural: volumesnapshotlocations
    singular: volumesnapshotlocation
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
3. Download the YAML files required for installation, file 2: install-velero.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: velero
  name: velero
---
# Binds the velero ServiceAccount to the built-in cluster-admin ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    component: velero
  name: velero
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: velero
  namespace: velero
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  labels:
    component: velero
  name: default
  namespace: velero
spec:
  config: {}
  objectStorage:
    # <BUCKET> is replaced with your BOS bucket name by the sed command in step 4.
    bucket: <BUCKET>
    prefix: ""
  provider: baiducloud
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: velero
  namespace: velero
spec:
  replicas: 1
  selector:
    matchLabels:
      deploy: velero
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "8085"
        prometheus.io/scrape: "true"
      labels:
        component: velero
        deploy: velero
    spec:
      serviceAccountName: velero
      containers:
      - name: velero
        image: hub.baidubce.com/jpaas-public/velero:latest
        imagePullPolicy: Always
        command:
        - /velero
        - --log-level=debug
        - --backup-sync-period=1m
        args:
        - server
        env:
        - name: VELERO_SCRATCH_DIR
          value: /scratch
        # The "cloud" key of the cloud-credentials Secret, mounted at /credentials.
        - name: BAIDU_CLOUD_CREDENTIALS_FILE
          value: /credentials/cloud
        volumeMounts:
        - mountPath: /plugins
          name: plugins
        - mountPath: /scratch
          name: scratch
        - mountPath: /credentials
          name: cloud-credentials
      initContainers:
      # Copies the Baidu Cloud plugin into the shared plugins volume.
      - image: hub.baidubce.com/jpaas-public/velero-plugin-baiducloud:v0.3
        imagePullPolicy: Always
        name: velero-plugin-baiducloud
        volumeMounts:
        - mountPath: /target
          name: plugins
      volumes:
      - emptyDir: {}
        name: plugins
      - emptyDir: {}
        name: scratch
      - name: cloud-credentials
        secret:
          secretName: cloud-credentials
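4. Create your BOS bucket on Baidu Cloud
Velero needs object storage to hold backup data. Create your BOS bucket on Baidu Cloud, then replace the bucket name in install-velero.yaml by running the following commands:
BUCKET=<YOUR_BUCKET>
sed -i "s#<BUCKET>#$BUCKET#" install-velero.yaml
5. Obtain the Access Key and Secret Key of your Baidu Cloud user
For more information about AK and SK, see: How to obtain an AK and SK
Create or edit the file credentials-velero in the current directory with the following content:
BAIDU_CLOUD_ACCESS_KEY_ID=<BAIDU_CLOUD_ACCESS_KEY_ID>
BAIDU_CLOUD_SECRET_ACCESS_KEY=<BAIDU_CLOUD_SECRET_ACCESS_KEY>
BAIDU_CLOUD_BOS_ENDPOINT=<BAIDU_CLOUD_BOS_ENDPOINT>
BAIDU_CLOUD_BOS_ENDPOINT has the form ***.bcebos.com. For the endpoint of each region, see the BOS user documentation.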
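A preflight check for the two files prepared in the bucket and credentials steps, as an added example that is not part of the original page or of Velero: it confirms that <BUCKET> and the credential placeholders were replaced and that the endpoint has the ***.bcebos.com form. The function names and the owner-only file-mode check are assumptions added here.

```shell
#!/usr/bin/env bash
# Added example (function names are hypothetical): preflight check for
# install-velero.yaml and credentials-velero before they are applied.

# Succeeds only if no <PLACEHOLDER> token is left in the file.
no_placeholders() { ! grep -Eq '<[A-Z_]+>' "$1"; }

# Prints the value of key $2 from the KEY=value file $1.
cred_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }

check_credentials() {
  local file=$1 key val mode
  [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
  no_placeholders "$file" || { echo "$file: placeholder not replaced" >&2; return 1; }
  for key in BAIDU_CLOUD_ACCESS_KEY_ID BAIDU_CLOUD_SECRET_ACCESS_KEY \
             BAIDU_CLOUD_BOS_ENDPOINT; do
    val=$(cred_value "$file" "$key")
    [ -n "$val" ] || { echo "$file: $key missing or empty" >&2; return 1; }
  done
  # The page gives the endpoint format as ***.bcebos.com.
  case $(cred_value "$file" BAIDU_CLOUD_BOS_ENDPOINT) in
    ?*.bcebos.com) ;;
    *) echo "$file: endpoint is not of the form ***.bcebos.com" >&2; return 1 ;;
  esac
  # Assumption added here: the AK/SK file should be owner-only (e.g. 600).
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    ?00) ;;
    *) echo "$file: mode $mode, run: chmod 600 $file" >&2; return 1 ;;
  esac
}

# <BUCKET> must have been substituted by the sed step.
check_manifest() {
  [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
  no_placeholders "$1" || { echo "$1: <BUCKET> not replaced" >&2; return 1; }
}

# Usage: preflight [manifest] [credentials-file]; non-zero means fix first.
preflight() {
  check_manifest "${1:-install-velero.yaml}" &&
    check_credentials "${2:-credentials-velero}"
}
```

Source the script and run preflight in the directory that holds both files; each failure prints the file and the reason on stderr.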
6. Install velero and velero-plugin on the Baidu Cloud CCE cluster
- 1. Create the namespace: velero
kubectl create namespace velero
- 2. Create the secret: cloud-credentials
kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=credentials-velero
- 3. Create velero and velero-plugin
kubectl apply -f install-crd.yaml
kubectl apply -f install-velero.yaml
If you need to reinstall or uninstall Velero, run the following commands:
kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero
Velero is now fully installed.
Usage
Once installed, Velero is used in the same way as the open-source release; see the official documentation for more operations.
Cluster backup and restore example:
- 1. Create the nginx example resources (no PV included)
Download the example file: base.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-example
  labels:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: nginx-example
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: hub.baidubce.com/cce/nginx-alpine-go:latest
        name: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: my-nginx
  namespace: nginx-example
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
kubectl apply -f base.yaml
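- 2. Create a backup named nginx-backup
velero backup create nginx-backup --include-namespaces nginx-example
- 3. Delete the nginx example resources:
kubectl delete namespaces nginx-example
- 4. Restore the resources from the nginx-backup backup:
velero restore create --from-backup nginx-backup
Notes:
- 1. Cluster backup on CCE does not yet support backing up PVs and PVCs
- 2. CCE implements the Velero cloud-provider plugin; for questions about using Velero itself, see the Velero documentation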