velero备份k8s集群
流程图
velero备份原理
- 本地 Velero 客户端发送备份指令。
- Kubernetes 集群内就会创建一个 Backup 对象。
- BackupController 监测 Backup 对象并开始备份过程。
- BackupController 会向 API Server 查询相关数据。
- BackupController 将查询到的数据备份到远端的对象存储。
velero的特点
- 支持kubernetes集群数据备份和恢复
- 支持将备份好的数据,恢复到其他kubernetes集群(前提是前一个集群所用到的资源(如存储)以及kubernetes不能夸大版本,否则会恢复不了)
安装minio对象存储
1、下载minio镜像
docker pull minio/minio:latest
2、准备minio挂载目录
mkdir -pv /velvero/data
3、启动minio
docker run --name minio --restart always -v /velvero/data:/data -d -e "MINIO_ROOT_USER=admin" -e "MINIO_ROOT_PASSWORD=12345678" -p9000:9000 -p 9999:9999 minio/minio:latest server /data --console-address "0.0.0.0:9999"
MINIO_ROOT_USER= 指定minio用户
MINIO_ROOT_PASSWORD 指定用户密码
--console-address 指定控制台监听地址和端口
4、创建buckets桶
部署velero
1、下载/配置velero二进制客户端工具
~# wget https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
~# tar xvf velero-v1.8.1-linux-amd64.tar.gz
~# cp velero-v1.8.1-linux-amd64/velero /usr/local/bin/
~# velero --help
安装velero资源
1、创建velero-system名称空间
kubectl create ns velero-system
2、创建velero组件
velero --kubeconfig /root/.kube/config \
install --provider aws --use-restic \
--plugins velero/velero-plugin-for-aws:v1.3.1 \
--bucket velerodata \
--secret-file ./velero-auth.txt \
--use-volume-snapshots=false \
--namespace velero-system \
default-volumes-to-restic \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://10.211.55.3:9000
关键参数解读:
--kubeconfig 指定集群认证文件
--provider 声明velero使用的存储插件类型
--use-restic 使用开源免费的备份工具restic备份和还原持久卷数据
--secret-file 指定对象存储的账号密码
--use-volume-snapshots=false 关闭存储卷快照数据快照方式备份
--namespace 指定velero安装在那个名称空间
default-volumes-to-restic使用rustic 来备份所有pod卷,前提是需要提前开启 --use-restic 参数
验证功能
# kubectl get pod -nvelero-system
NAME READY STATUS RESTARTS AGE
velero-858b9459f9-m6zm4 1/1 Running 0 46h
查看velero日志
日志出现Backup storage location valid, marking as available表示velero运行正常
创建备份
# velero backup create myserver-ns-backup-${DATE} --include-namespaces default 【--kubeconfig=/root/.velero/config】 --namespace velero-system
Backup request "myserver-ns-backup-20220808025816" submitted successfully.
Run `velero backup describe myserver-ns-backup-20220808025816` or `velero backup logs myserver-ns-backup-20220808025816` for more details.
--include-namespaces 指定需要备份的名称空间
--kubeconfig指定k8s认证文件 注意:如果使用的是k8s默认的.kube目录下的认证文件可以不用该参数
--namespace指定velero contallor所在的名称空间
查看velero备份是否成功
- 1、查看日志
- 2、get备份信息
# velero backup get -nvelero-system
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
myserver-ns-backup-20220808025954 Completed 0 0 2022-08-08 03:00:02 +0000 UTC 29d default
myserver-ns-backup-20220808025816 Completed 0 0 2022-08-08 02:58:19 +0000 UTC 29d default
- 3、查看minio存储桶是否存在数据
验证备份带有pvc数据的pod
1、环境准备
- 1、创建pod、pvc资源
~/manifests# cat pod-pvc.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-pvc
spec:
containers:
- image: nginx
name: test-container
volumeMounts:
- mountPath: /usr/share/nginx/html/
name: test-volume
volumes:
- name: test-volume
persistentVolumeClaim:
claimName: myclaim
~/manifests# cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: myclaim
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: nfs-client
~/manifests# kubectl get pod
NAME READY STATUS RESTARTS AGE
test-pvc 1/1 Running 0 31s
root@k8s-eploy:~/manifests# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
myclaim Bound pvc-f5e4f5d4-c829-49b9-89fa-568587796e46 1Gi RWO nfs-client 40s
- 2、增添数据
:/data/nfs/default-myclaim-pvc-f5e4f5d4-c829-49b9-89fa-568587796e46# ls
root@k8s-eploy:/data/nfs/default-myclaim-pvc-f5e4f5d4-c829-49b9-89fa-568587796e46# echo test pv > index.html
root@k8s-eploy:/data/nfs/default-myclaim-pvc-f5e4f5d4-c829-49b9-89fa-568587796e46# ls
index.html
root@k8s-eploy:/data/nfs/default-myclaim-pvc-f5e4f5d4-c829-49b9-89fa-568587796e46# cat index.html
test pv
2、备份数据
- 1、执行备份命令
velero backup create \
default-ns-backup-`date +%Y%m%d%H%M%S` \
--default-volumes-to-restic \
--snapshot-volumes \
--include-namespaces default \
-nvelero-system
Backup request "default-ns-backup-20220808131011" submitted successfully.
Run `velero backup describe default-ns-backup-20220808131011` or `velero backup logs default-ns-backup-20220808131011` for more details.
- 2、查看备份信息
~# velero backup get -nvelero-system
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
default-ns-backup-20220808131011 Completed 0 0 2022-08-08 13:10:11 +0000 UTC 29d default
3、模拟意外删除资源及pvc数据
1、删除pod、pvc及数据
root@k8s-eploy:~/manifests# ls
pod-pvc.yaml pvc.yaml
~/manifests# kubectl delete -f ./
pod "test-pvc" deleted
persistentvolumeclaim "myclaim" deleted
/data/nfs# rm -rf archived-default-myclaim-pvc-f5e4f5d4-c829-49b9-89fa-568587796e46
2、还原备份
:/data/nfs# velero restore create \
--from-backup default-ns-backup-20220808131011 \
-nvelero-system
Restore request "default-ns-backup-20220808131011-20220808132317" submitted successfully.
Run `velero restore describe default-ns-backup-20220808131011-20220808132317` or `velero restore logs default-ns-backup-20220808131011-20220808132317` for more details.
3、查看pod数据是否恢复
:/data/nfs# kubectl get pod
NAME READY STATUS RESTARTS AGE
test-pvc 1/1 Running 0 49s
:/data/nfs# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
myclaim Bound pvc-9bb398e3-0883-402e-a1c7-d345d2cb2750 1Gi RWO nfs-client 106s
4、查看pvc数据是否恢复
:/data/nfs/default-myclaim-pvc-9bb398e3-0883-402e-a1c7-d345d2cb2750# ls
index.html
定时备份
Usage:
velero schedule create NAME --schedule [flags]
Examples:
# 每六小时备份一次.所有namespace
velero create schedule NAME --schedule="*/1 * * * *"
# 每六小时备份一次.所有namespace
velero create schedule NAME --schedule="@every 6h"
# 每24小时备份一次 web namespace的数据
velero create schedule NAME --schedule="@every 24h" --include-namespaces web
# 7天备份一次所有名称空间数据,备份保存90天
velero create schedule NAME --schedule="@every 168h" --ttl 2160h0m0s
cat deploy.sh
cat > velero-auth.txt <<EOF
[default]
aws_access_key_id=admin
aws_secret_access_key=admin123
EOF
velero --kubeconfig ./config \
install --provider aws --use-restic \
--plugins velero/velero-plugin-for-aws:v1.3.1 \
--bucket velero \
--secret-file ./velero-auth.txt \
--use-volume-snapshots=false \
--namespace velero-system \
default-volumes-to-restic \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://103.63.139.191:9000
编写好的makefile
.DELETE_ON_ERROR:
TIMESTAMP := $(shell date +%s)
KUBECONFIG=./config
NAMESPACE ?= velero-system
show:
velero backup get -n $(NAMESPACE) --kubeconfig=$(KUBECONFIG)
deploy:
./deploy.sh
un:
velero uninstall -n $(NAMESPACE) --kubeconfig=$(KUBECONFIG)
del:
@for i in $$(velero backup get -n $(NAMESPACE) --kubeconfig=$(KUBECONFIG) | awk '{print $$1}'); do \
velero backup delete $$i -n $(NAMESPACE) --kubeconfig=$(KUBECONFIG); \
done
backup-restic:
echo "备份带pvc数据的 $(NAMESPACE)"
velero backup create $(NAMESPACE)-backup-$(TIMESTAMP) --default-volumes-to-restic --snapshot-volumes --include-namespaces $(NAMESPACE) --kubeconfig=./config --namespace velero-system
backup:
echo "备份不带pvc的$(NAMESPACE)"
velero backup create $(NAMESPACE)-backup-$(NAMESPACE) --include-namespaces $(NAMESPACE) --kubeconfig=$(KUBECONFIG) --namespace velero-system
restore:
echo "恢复 $(NAMESPACE)"
velero restore create --from-backup $(NAMESPACE)-backup-$(TIMESTAMP) -n velero-system ----kubeconfig=$(KUBECONFIG)