
Using Tencent Cloud Object Storage (COS) as Velero back-end storage to back up and restore cluster resources

Velero (formerly known as Heptio Ark) is an open source tool for safely backing up and restoring Kubernetes cluster resources and persistent volumes, and for performing disaster recovery and migration. Velero can be deployed in a TKE cluster or a self-built Kubernetes cluster to:

  • Back up cluster resources and restore them in case of loss.
  • Migrate cluster resources to other clusters.
  • Copy production cluster resources to development and test clusters.

Velero's working principle is shown in the figure below. When a user runs a backup command, the custom resource API is called to create a Backup object (1). The BackupController watches for the new Backup object (2) and performs the backup (3). When the backup is complete, the backed-up cluster resources and storage volume snapshots are uploaded to Velero's back-end storage (4 and 5). Similarly, when a restore is performed, Velero synchronizes the data of the specified backup object from the back-end storage to the Kubernetes cluster to complete the restore.

The following describes the steps for using Tencent Cloud Object Storage (COS) as Velero's back-end storage to back up and restore a cluster.

I. Prerequisites

  • A registered Tencent Cloud account.
  • The COS service has been activated.
  • A Kubernetes cluster has been created, with cluster version v1.10 or later, and the cluster can use DNS and Internet services normally. If you need to create a TKE cluster, please refer to Create clusters.

II. Configure storage

1. Create a COS bucket

In the COS console, create a bucket for Velero to store its backups. To create a bucket, see the COS Create buckets instructions.

In the COS console, set the access permissions for the bucket. COS supports two permission types:

  • Public permissions: for security, the recommended bucket permission category is private read-write. For a description of public permissions, see Permission categories in the bucket overview.
  • User permissions: the primary account has all permissions on the bucket by default (that is, full control). COS also supports adding sub-accounts with data read, data write, permission read and permission write permissions, up to full control, the highest permission.

Because Velero needs to read from and write to the bucket, grant the example account the data read and data write permissions, as shown in the figure below:

2. Get bucket access credentials

Velero accesses COS through the AWS S3-compatible API, which requires requests to be signed with a key pair consisting of an access key ID and a secret key. In the S3 API parameters, the access_key_id field is the access key ID and the secret_access_key field is the secret key.

In the Tencent Cloud access management console, create and obtain the Tencent Cloud key pair SecretId and SecretKey for the example account that was authorized for COS, as shown in the figure below. The SecretId value corresponds to the access_key_id field, and the SecretKey value corresponds to the secret_access_key field.

Following this correspondence, create the credentials file that Velero requires, credentials-velero, in a local directory:

[default]
aws_access_key_id=<SecretId>
aws_secret_access_key=<SecretKey>
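
The file above holds a long-lived key pair with read and write access to the backup bucket, so it should be readable only by its owner. The following is an added example, not part of the original article: it writes credentials-velero with mode 0600 and checks an existing file before it is passed to velero install. COS_SECRET_ID and COS_SECRET_KEY are hypothetical environment variable names for the SecretId and SecretKey values.

```shell
#!/bin/sh
# Added example, not from the original article.
# COS_SECRET_ID / COS_SECRET_KEY are hypothetical environment variable names
# holding the SecretId / SecretKey obtained from the Tencent Cloud console.

# Write the credentials file with owner-only permissions.
write_velero_credentials() {
    out=${1:-./credentials-velero}
    if [ -z "${COS_SECRET_ID:-}" ] || [ -z "${COS_SECRET_KEY:-}" ]; then
        echo "COS_SECRET_ID and COS_SECRET_KEY must both be set" >&2
        return 1
    fi
    # Whitespace or a newline in either value would corrupt the INI file.
    case "$COS_SECRET_ID$COS_SECRET_KEY" in
        *[[:space:]]*) echo "key values must not contain whitespace" >&2; return 1 ;;
    esac
    (
        umask 077   # a newly created file gets mode 0600
        printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
            "$COS_SECRET_ID" "$COS_SECRET_KEY" > "$out"
    ) || return 1
    chmod 600 "$out"   # umask does not tighten a file that already existed
}

# Check an existing file before passing it to `velero install --secret-file`.
check_velero_credentials() {
    f=${1:-./credentials-velero}
    [ -f "$f" ] || { echo "$f: not found" >&2; return 1; }
    perms=$(ls -l "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "$f: mode $perms, expected -rw-------" >&2; return 1; }
    [ "$(sed -n 1p "$f")" = "[default]" ] || { echo "$f: missing [default] header" >&2; return 1; }
    for key in aws_access_key_id aws_secret_access_key; do
        # The <SecretId>/<SecretKey> placeholders must have been replaced.
        grep -Eq "^${key}=[^<>[:space:]]+\$" "$f" ||
            { echo "$f: $key missing or still a placeholder" >&2; return 1; }
    done
}
```

Setting the two variables from a secrets manager or an interactive prompt, rather than typing the values on a command line, keeps them out of the shell history.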

III. Install Velero

Download the latest official release of the Velero archive into the cluster environment. This document uses v1.5.2, the version current at the time of writing, as an example.

wget https://github.com/vmware-tanzu/velero/releases/download/v1.5.2/velero-v1.5.2-linux-amd64.tar.gz

Extract the archive. It contains the Velero command-line executable and some sample files.

tar -xvf velero-v1.5.2-linux-amd64.tar.gz

Move the velero executable from the extracted directory to a directory on the system PATH. Here it is moved to the /usr/bin directory.

mv velero-v1.5.2-linux-amd64/velero /usr/bin/

Run the following Velero installation command to create the Velero and restic workloads and the other necessary resource objects.

velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.1.0 --bucket <BucketName> \
--secret-file ./credentials-velero \
--use-restic \
--default-volumes-to-restic \
--backup-location-config \
region=ap-guangzhou,s3ForcePathStyle="true",s3Url=https://cos.ap-guangzhou.myqcloud.com

Parameter description:

  • --provider: declares the plug-in type that Velero uses; here it is "aws".
  • --plugins: uses the S3 API-compatible plug-in "velero-plugin-for-aws".
  • --bucket: the name of the bucket created in Tencent Cloud COS.
  • --secret-file: the access credentials file for COS; see the "credentials-velero" credentials file created above.
  • --use-restic: uses the free open source backup tool restic to back up and restore persistent volume data. Velero supports using restic to back up and restore Kubernetes storage volume data (hostPath volumes are not supported; please refer to the restic limitations). This integration supplements Velero's backup function, and enabling it is recommended.
  • --default-volumes-to-restic: uses restic to back up all Pod volumes. It requires the --use-restic parameter to be enabled.
  • --backup-location-config: configuration for accessing the backup bucket. It takes the following comma-separated keys:
  • region: the region of the S3 API-compatible COS bucket. For example, if the bucket was created in Guangzhou, the region value is "ap-guangzhou".
  • s3ForcePathStyle: uses the S3 path-style format.
  • s3Url: the S3 API-compatible access address of COS. Note that this is not the public access domain name of the COS bucket that was created; use a URL of the form https://cos.<region>.myqcloud.com instead. For example, if the region is Guangzhou, the parameter value is "https://cos.ap-guangzhou.myqc...".

Other installation parameters can be viewed with velero install --help. For example, if you do not want to back up storage volume data, you can set --use-volume-snapshots=false to turn off snapshot backup of storage volume data.

After the above installation command is executed, the installation process is shown in the figure below:

After the installation command has completed, wait until the Velero and restic workloads are ready, then check whether the configured storage location is available.

Run the velero backup-location get command to view the status of the storage location. If it shows "Available", access to COS is working normally, as shown in the figure below:

Velero is now installed. For more information about installing Velero, please refer to the Velero documentation.

IV. Velero backup and restore test

Use the helm tool to create a minio test service with a persistent volume in the cluster. For the installation method, please refer to minio install. In this example, a load balancer has been bound to the minio service, so the management page can be accessed in a browser through the public address.

Log in to the minio web management page and upload some test image data, as shown in the figure below:

Next, back up with Velero. You can back up all objects in the cluster directly, or filter objects by type, namespace and/or label. This example uses the following command to back up only the resources in the default namespace:

velero backup create default-backup --include-namespaces default

Use the velero backup get command to check whether the backup task has finished. When the backup task status is "Completed" and the number of errors is 0, the backup task completed without any errors. The backup process is shown below:

At this point, delete all minio resources, including its PVC persistent volume, as shown in the figure below:

After the minio resources have been deleted, we can test restoring them from the earlier backup. First, temporarily switch the backup storage location to read-only mode (this prevents backup objects from being created or deleted in the backup storage location during the restore):

kubectl patch backupstoragelocation default --namespace velero \
    --type merge \
    --patch '{"spec":{"accessMode":"ReadOnly"}}'

The access mode of Velero's storage location is now "ReadOnly", as shown in the figure below:

Now create a restore task from the "default-backup" backup that Velero created earlier:

velero restore create --from-backup default-backup

You can use velero restore get to check the status of the restore task. If the restore status is "Completed" and the number of errors is 0, the restore task has completed. The restore process is shown in the following figure:

When the restore is complete, you can see that the previously deleted minio resources have been restored successfully, as shown in the figure below:

Log in to the minio management page in your browser. The image data uploaded earlier is still there, which indicates that the persistent volume data was restored successfully, as shown in the figure below:

When the restore is complete, do not forget to switch the backup storage location back to read-write mode so that the next backup task can run successfully:

kubectl patch backupstoragelocation default --namespace velero \
   --type merge \
   --patch '{"spec":{"accessMode":"ReadWrite"}}'
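
The restore procedure above depends on remembering the final switch back to read-write. The following wrapper is an added example, not part of the original article: it sets the location to ReadOnly, runs the restore, and always switches back to ReadWrite afterwards. BSL_NAME and VELERO_NS are hypothetical override variables whose defaults are the names used in the commands above.

```shell
#!/bin/sh
# Added example, not from the original article.
# BSL_NAME and VELERO_NS are hypothetical override variables; their defaults
# ("default", "velero") are the values used in the commands above.

set_bsl_mode() {
    case "$1" in
        ReadOnly|ReadWrite) ;;
        *) echo "set_bsl_mode: expected ReadOnly or ReadWrite" >&2; return 2 ;;
    esac
    kubectl patch backupstoragelocation "${BSL_NAME:-default}" \
        --namespace "${VELERO_NS:-velero}" \
        --type merge \
        --patch "{\"spec\":{\"accessMode\":\"$1\"}}"
}

restore_locked() {
    backup=${1:-}
    [ -n "$backup" ] || { echo "usage: restore_locked <backup-name>" >&2; return 2; }
    # If the location cannot be locked, do not start the restore at all.
    set_bsl_mode ReadOnly || return 1
    rc=0
    # --wait blocks until the restore has finished, so the location stays
    # read-only for the whole restore rather than just its submission.
    velero restore create --from-backup "$backup" --wait || rc=$?
    # Switch back even when the restore command failed; a location left
    # ReadOnly cannot be used by the next backup task.
    if ! set_bsl_mode ReadWrite; then
        echo "WARNING: backup storage location is still ReadOnly" >&2
        return 3
    fi
    # rc is the exit status of the velero command only; confirm the status
    # and error count with `velero restore get`.
    return "$rc"
}

# Usage: restore_locked default-backup
```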

V. Uninstall Velero

To uninstall Velero from the cluster, use the following commands.

kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero

VI. Summary

In this article, we briefly introduced Velero, a backup tool for Kubernetes cluster resources, showed how to configure Tencent Cloud Object Storage (COS) as Velero's back-end storage, and successfully carried out a backup and restore of the minio service's resources and data.


Copyright notice
This article was written by [Cloud storage angel]. Please include a link to the original when reposting. Thank you.
https://cdmana.com/2020/12/20201224152603256d.html
