CCE Cluster Backup
Introduction
CCE supports using the open-source tool Velero to back up and restore Kubernetes clusters on the cloud. It is intended for scenarios such as cluster misoperation, cluster failure, and cluster migration.
Features of Velero:
- Disaster recovery capability: provides backup and recovery of the k8s cluster.
- Migration capability: provides copying of cluster resources to other clusters.
Differences from etcd backup:
- Backing up etcd requires operation and maintenance permission on etcd. Users of hosted clusters on CCE cannot operate etcd.
- An etcd backup is better suited to backing up data within a single cluster, and less suited to cluster migration.
- An etcd backup is a backup of the current state, whereas Velero can back up just a part of the resources in the cluster.
Installation
To use the backup and recovery features of Velero on CCE, you need to install and configure velero and velero-baiducloud-plugin.
- 1. Download the officially released version of Velero.
- 2. Download and install the required yaml file.
- 3. Create your BOS bucket on Baidu Cloud.
- 4. Obtain your AK and SK on Baidu Cloud.
- 5. Install velero and velero-plugin for the CCE cluster of Baidu Cloud.
1. Download the Officially Released Version of Velero
- Download the officially released version of Velero applicable to your system.
- Unzip the tar package:
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
- Move the velero binary to a directory on the system PATH.
2. Download and Install the Required yaml File 1: install-crd.yaml
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: backups.velero.io
spec:
  group: velero.io
  names:
    kind: Backup
    listKind: BackupList
    plural: backups
    singular: backup
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: backupstoragelocations.velero.io
spec:
  group: velero.io
  names:
    kind: BackupStorageLocation
    listKind: BackupStorageLocationList
    plural: backupstoragelocations
    singular: backupstoragelocation
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: deletebackuprequests.velero.io
spec:
  group: velero.io
  names:
    kind: DeleteBackupRequest
    listKind: DeleteBackupRequestList
    plural: deletebackuprequests
    singular: deletebackuprequest
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: downloadrequests.velero.io
spec:
  group: velero.io
  names:
    kind: DownloadRequest
    listKind: DownloadRequestList
    plural: downloadrequests
    singular: downloadrequest
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: podvolumebackups.velero.io
spec:
  group: velero.io
  names:
    kind: PodVolumeBackup
    listKind: PodVolumeBackupList
    plural: podvolumebackups
    singular: podvolumebackup
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: podvolumerestores.velero.io
spec:
  group: velero.io
  names:
    kind: PodVolumeRestore
    listKind: PodVolumeRestoreList
    plural: podvolumerestores
    singular: podvolumerestore
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: resticrepositories.velero.io
spec:
  group: velero.io
  names:
    kind: ResticRepository
    listKind: ResticRepositoryList
    plural: resticrepositories
    singular: resticrepository
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: restores.velero.io
spec:
  group: velero.io
  names:
    kind: Restore
    listKind: RestoreList
    plural: restores
    singular: restore
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: schedules.velero.io
spec:
  group: velero.io
  names:
    kind: Schedule
    listKind: ScheduleList
    plural: schedules
    singular: schedule
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: serverstatusrequests.velero.io
spec:
  group: velero.io
  names:
    kind: ServerStatusRequest
    listKind: ServerStatusRequestList
    plural: serverstatusrequests
    singular: serverstatusrequest
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    component: velero
  name: volumesnapshotlocations.velero.io
spec:
  group: velero.io
  names:
    kind: VolumeSnapshotLocation
    listKind: VolumeSnapshotLocationList
    plural: volumesnapshotlocations
    singular: volumesnapshotlocation
  scope: Namespaced
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
3. Download and Install the Required yaml File 2: install-velero.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: velero
  name: velero
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    component: velero
  name: velero
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # cluster-admin gives the velero ServiceAccount unrestricted access to the cluster.
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: velero
  namespace: velero
---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  labels:
    component: velero
  name: default
  namespace: velero
spec:
  config: {}
  objectStorage:
    bucket: <BUCKET>
    prefix: ""
  provider: baiducloud
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: velero
  namespace: velero
spec:
  replicas: 1
  selector:
    matchLabels:
      deploy: velero
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "8085"
        prometheus.io/scrape: "true"
      labels:
        component: velero
        deploy: velero
    spec:
      serviceAccountName: velero
      containers:
      - name: velero
        # The "latest" tag is mutable, so the image that runs can change between pulls.
        image: hub.baidubce.com/jpaas-public/velero:latest
        imagePullPolicy: Always
        command:
        - /velero
        - --log-level=debug
        - --backup-sync-period=1m
        args:
        - server
        env:
        - name: VELERO_SCRATCH_DIR
          value: /scratch
        # Path of the AK/SK file mounted from the cloud-credentials Secret.
        - name: BAIDU_CLOUD_CREDENTIALS_FILE
          value: /credentials/cloud
        volumeMounts:
        - mountPath: /plugins
          name: plugins
        - mountPath: /scratch
          name: scratch
        - mountPath: /credentials
          name: cloud-credentials
      initContainers:
      - image: hub.baidubce.com/jpaas-public/velero-plugin-baiducloud:v0.3
        imagePullPolicy: Always
        name: velero-plugin-baiducloud
        volumeMounts:
        - mountPath: /target
          name: plugins
      volumes:
      - emptyDir: {}
        name: plugins
      - emptyDir: {}
        name: scratch
      - name: cloud-credentials
        secret:
          secretName: cloud-credentials
4. Create Your BOS Bucket on Baidu AI Cloud
Velero requires object storage to hold the backup data. Create a BOS bucket on Baidu AI Cloud, then substitute its name into install-velero.yaml by running the following commands.
BUCKET=<YOUR_BUCKET>
sed -i "s#<BUCKET>#$BUCKET#" install-velero.yaml
5. Get Access Key and Secret Key of Baidu AI Cloud Users
For more information about the AK and SK, refer to: How to Get AK and SK.
Create or edit the credentials-velero file in the current directory, with the contents as below:
BAIDU_CLOUD_ACCESS_KEY_ID=<BAIDU_CLOUD_ACCESS_KEY_ID>
BAIDU_CLOUD_SECRET_ACCESS_KEY=<BAIDU_CLOUD_SECRET_ACCESS_KEY>
BAIDU_CLOUD_BOS_ENDPOINT=<BAIDU_CLOUD_BOS_ENDPOINT>
The format of BAIDU_CLOUD_BOS_ENDPOINT is ***.bcebos.com. For the endpoint of each region, see the BOS User Document.
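A pre-flight check for the credentials-velero file before it is loaded into the cluster secret, as an added example (not part of the original page or of Velero): it rejects files readable by group or others, missing keys, leftover `<...>` placeholders, and endpoints that do not end in `.bcebos.com`. The function name `check_velero_credentials` and the sample values are assumptions made up for illustration.

```shell
# Added example: check_velero_credentials is a hypothetical helper, not a velero command.
# Returns 0 when the file is safe to load into the secret, 1 otherwise.
check_velero_credentials() {
    file=$1
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    # The file holds a long-lived AK/SK pair: refuse group- or world-readable modes.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$file is readable by group or others; run: chmod 600 $file" >&2
        return 1
    fi
    for key in BAIDU_CLOUD_ACCESS_KEY_ID BAIDU_CLOUD_SECRET_ACCESS_KEY \
               BAIDU_CLOUD_BOS_ENDPOINT; do
        # Value after the first '=' on the last line that sets this key.
        value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)
        case $value in
            '')          echo "$key is missing or empty" >&2; return 1 ;;
            *'<'*|*'>'*) echo "$key still holds a template placeholder" >&2; return 1 ;;
        esac
        if [ "$key" = BAIDU_CLOUD_BOS_ENDPOINT ]; then
            case $value in
                ?*.bcebos.com) ;;
                *) echo "endpoint must end in .bcebos.com" >&2; return 1 ;;
            esac
        fi
    done
    return 0
}

# Constructed sample values, for demonstration only.
demo=$(mktemp)    # mktemp creates the file with mode 0600
cat > "$demo" <<'EOF'
BAIDU_CLOUD_ACCESS_KEY_ID=constructed-access-key
BAIDU_CLOUD_SECRET_ACCESS_KEY=constructed-secret-key
BAIDU_CLOUD_BOS_ENDPOINT=example-region.bcebos.com
EOF
check_velero_credentials "$demo" && echo "credentials file passes the checks"
rm -f "$demo"
```

The error messages name only the key, never its value, so the output can be pasted into a ticket or CI log.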
6. Install Velero and Velero-plugin for CCE Cluster of Baidu AI Cloud
- 1. Create namespace: velero.
kubectl create namespace velero
- 2. Create secret: cloud-credentials.
kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=credentials-velero
- 3. Create velero and velero-plugin.
kubectl apply -f install-crd.yaml
kubectl apply -f install-velero.yaml
To reinstall or uninstall velero, you can execute the following commands.
kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero
Velero is now installed.
Use
After installation, Velero is used in the same way as the open-source version. For more operations, see the Official Document.
Example of Cluster Backup and Recovery
- 1. Create the nginx example resources (excluding PV).
Download the sample file: base.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-example
  labels:
    app: nginx
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: nginx-example
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: hub.baidubce.com/cce/nginx-alpine-go:latest
        name: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: my-nginx
  namespace: nginx-example
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
kubectl apply -f base.yaml
- 2. Create a backup named nginx-backup.
velero backup create nginx-backup --include-namespaces nginx-example
- 3. Delete the nginx example resources.
kubectl delete namespaces nginx-example
- 4. Restore the resources from the nginx-backup backup.
velero restore create --from-backup nginx-backup
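Step 3 deletes the namespace right after the backup is requested, so the functions below gate that deletion on the Backup object reaching the Completed phase. This is an added example, not from the original page; `wait_for_backup` and `backup_then_delete_namespace` are hypothetical helper names, and it assumes Backup objects are stored in the velero namespace created during installation.

```shell
# Added example: hypothetical helpers, not velero commands.
# wait_for_backup NAME [TIMEOUT_SECONDS] [POLL_SECONDS]
# Returns 0 when the backup is Completed, 1 on a failed phase, 2 on timeout.
wait_for_backup() {
    name=$1
    timeout=${2:-300}
    interval=${3:-5}
    waited=0
    while :; do
        # Assumption: Backup objects live in the "velero" namespace.
        phase=$(kubectl -n velero get backups.velero.io "$name" \
                    -o jsonpath='{.status.phase}' 2>/dev/null) || phase=""
        case $phase in
            Completed) return 0 ;;
            Failed|PartiallyFailed|FailedValidation)
                echo "backup $name ended in phase $phase" >&2
                return 1 ;;
        esac
        if [ "$waited" -ge "$timeout" ]; then
            echo "backup $name not completed after ${timeout}s (phase: ${phase:-unknown})" >&2
            return 2
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Steps 2 and 3 combined: the namespace is deleted only if the backup completed.
backup_then_delete_namespace() {
    ns=$1
    backup=$2
    velero backup create "$backup" --include-namespaces "$ns" || return 1
    wait_for_backup "$backup" || return 1
    kubectl delete namespaces "$ns"
}

# Usage with the names from this walkthrough:
#   backup_then_delete_namespace nginx-example nginx-backup
```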
Caution
- 1. Cluster backup on CCE does not currently support backing up PVs and PVCs.
- 2. CCE implements the cloud provider plug-in for Velero. For questions about using Velero itself, see the Velero Document.