Velero Series (4): Production Migration in Practice with Velero

Time: 2022-12-12 10:38:09


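Overview

Purpose

Using the velero tool, achieve the following overall goal:

  • Migrate a specific namespace between two clusters, B and A;

The specific goals are:

  1. Create velero (including restic) on clusters B and A
  2. Back up the specific namespace caseycui2020 on cluster B:
     1. Back up resources, such as deployments and configmaps;
        1. Before the backup, exclude the yaml of specific secrets.
     2. Back up volume data (via restic);
        1. Using the "opt-in" approach, back up only specific pod volumes
  3. Migrate the specific namespace caseycui2020 to cluster A:
     1. Migrate resources: using include, migrate only specific resources;
     2. Migrate volume data (via restic).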

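Installation

  1. Create a Velero-specific credentials file (credentials-velero) in your local directory:
    XSKY object storage is used here (the company's NetApp object storage is not compatible):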
[default]
aws_access_key_id = xxxxxxxxxxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  2. (OpenShift) The namespace velero must be created first: oc new-project velero
  3. By default, user-level OpenShift namespaces do not schedule Pods on all nodes in the cluster.
    To schedule the namespace on all nodes, an annotation is required:
oc annotate namespace velero openshift.io/node-selector=""

This should be done before installing velero.

  4. Start the server and storage service. In the Velero directory, run:
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.0.0 \
--bucket velero \
--secret-file ./credentials-velero \
--use-restic \
--use-volume-snapshots=true \
--backup-location-config region="default",s3ForcePathStyle="true",s3Url="http://glacier.ewhisper.cn",insecureSkipTLSVerify="true",signatureVersion="4" \
--snapshot-location-config region="default"

The resources created include:

CustomResourceDefinition/backups.velero.io: attempting to create resource
CustomResourceDefinition/backups.velero.io: created
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
CustomResourceDefinition/backupstoragelocations.velero.io: created
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
CustomResourceDefinition/deletebackuprequests.velero.io: created
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
CustomResourceDefinition/downloadrequests.velero.io: created
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
CustomResourceDefinition/podvolumebackups.velero.io: created
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
CustomResourceDefinition/podvolumerestores.velero.io: created
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
CustomResourceDefinition/resticrepositories.velero.io: created
CustomResourceDefinition/restores.velero.io: attempting to create resource
CustomResourceDefinition/restores.velero.io: created
CustomResourceDefinition/schedules.velero.io: attempting to create resource
CustomResourceDefinition/schedules.velero.io: created
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
CustomResourceDefinition/serverstatusrequests.velero.io: created
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
CustomResourceDefinition/volumesnapshotlocations.velero.io: created
Waiting for resources to be ready in cluster...
Namespace/velero: attempting to create resource
Namespace/velero: created
ClusterRoleBinding/velero: attempting to create resource
ClusterRoleBinding/velero: created
ServiceAccount/velero: attempting to create resource
ServiceAccount/velero: created
Secret/cloud-credentials: attempting to create resource
Secret/cloud-credentials: created
BackupStorageLocation/default: attempting to create resource
BackupStorageLocation/default: created
VolumeSnapshotLocation/default: attempting to create resource
VolumeSnapshotLocation/default: created
Deployment/velero: attempting to create resource
Deployment/velero: created
DaemonSet/restic: attempting to create resource
DaemonSet/restic: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
  5. (OpenShift) Add the velero ServiceAccount to the privileged SCC:
$ oc adm policy add-scc-to-user privileged -z velero -n velero
  6. (OpenShift) For OpenShift versions >= 4.1, modify the DaemonSet yaml to request privileged mode:
@@ -67,3 +67,5 @@ spec:
value: /credentials/cloud
- name: VELERO_SCRATCH_DIR
value: /scratch
+ securityContext:
+ privileged: true
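Review bot: privileged: true in the added securityContext gives this container full privileges on the node, and nothing in the hunk records why that is needed. Add a YAML comment above securityContext: stating that it is required for OpenShift >= 4.1, and confirm the two added lines are indented under the container entry that carries VELERO_SCRATCH_DIR, because privileged is a container-level field and is not accepted in a pod-level securityContext.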

Or:

oc patch ds/restic \
--namespace velero \
--type json \
-p '[{"op":"add","path":"/spec/template/spec/containers/0/securityContext","value": { "privileged": true}}]'
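
The --backup-location-config value in the install step points Velero at an http:// endpoint and sets insecureSkipTLSVerify. The following is an added example, not part of the original article: a pre-flight check that parses such a value and reports both settings. The helper name audit_bsl_config and the https endpoint mentioned in its comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: pre-flight check for the value
# passed to `velero install --backup-location-config`.
# audit_bsl_config is a hypothetical helper name.

# Prints one finding per line. Returns 0 when clean, 1 when anything is flagged.
audit_bsl_config() {
    cfg=$1
    s3url=""
    skip_verify=false
    findings=0

    # Split the comma-separated key=value list (globbing off while unquoted).
    old_ifs=$IFS
    IFS=,
    set -f
    for pair in $cfg; do
        key=${pair%%=*}
        val=${pair#*=}
        val=${val#\"}; val=${val%\"}   # drop quotes if the string was copied literally
        case $key in
            s3Url) s3url=$val ;;
            insecureSkipTLSVerify) skip_verify=$val ;;
        esac
    done
    set +f
    IFS=$old_ifs

    case $s3url in
        http://*)
            printf 'PLAINTEXT s3Url=%s: backups travel to the object store without TLS\n' "$s3url"
            findings=1 ;;
    esac
    if [ "$skip_verify" = true ]; then
        printf 'NOVERIFY insecureSkipTLSVerify=true: the object store certificate is not checked\n'
        findings=1
    fi
    return "$findings"
}

# Usage with the value from the article's install command (prints two findings):
#   audit_bsl_config 'region=default,s3ForcePathStyle=true,s3Url=http://glacier.ewhisper.cn,insecureSkipTLSVerify=true,signatureVersion=4'
# A constructed https endpoint such as s3Url=https://s3.example.internal passes.
```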

Backup - Cluster B

Back up specific cluster-level resources

velero backup create <backup-name> --include-cluster-resources=true  --include-resources deployments,configmaps

View the backup

velero backup describe YOUR_BACKUP_NAME

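Back up the specific namespace caseycui2020

Exclude specific resources

Resources labeled velero.io/exclude-from-backup=true are not included in the backup, even if they carry a matching selector label.

In this way, resources that do not need to be backed up, such as secrets, are excluded via the velero.io/exclude-from-backup=true label.

Some examples of secrets excluded this way: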

builder-dockercfg-jbnzr
default-token-lshh8
pipeline-token-xt645
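
One way to apply the exclusion label in bulk and gate the backup on it, as an added example that is not part of the original article. It generalises the three secrets listed above to every service-account-token and dockercfg secret in the namespace, which is an assumption about how they were chosen; the helper names and the KUBECTL variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names and the KUBECTL
# variable are hypothetical; oc (or kubectl) must be logged in to cluster B.
KUBECTL=${KUBECTL:-oc}
LABEL=velero.io/exclude-from-backup
COLS_SPEC=NAME:.metadata.name,TYPE:.type

# List secrets in namespace $1 that only make sense on the source cluster:
# service-account tokens and registry dockercfg secrets (assumed selection rule).
# Optional $2 is a label selector passed to `get -l`.
cluster_bound_secrets() {
    if [ -n "${2:-}" ]; then
        "$KUBECTL" -n "$1" get secrets -l "$2" --no-headers -o "custom-columns=$COLS_SPEC"
    else
        "$KUBECTL" -n "$1" get secrets --no-headers -o "custom-columns=$COLS_SPEC"
    fi | awk '$2 == "kubernetes.io/service-account-token" ||
              $2 == "kubernetes.io/dockercfg" { print $1 }'
}

# Put velero.io/exclude-from-backup=true on each of them.
exclude_cluster_bound_secrets() {
    for name in $(cluster_bound_secrets "$1"); do
        "$KUBECTL" -n "$1" label secret "$name" "$LABEL=true" --overwrite || return 1
    done
}

# Gate to run before `velero backup create`: fails while any cluster-bound
# secret still lacks the label (the != selector also matches unlabelled objects).
verify_excluded() {
    left=$(cluster_bound_secrets "$1" "$LABEL!=true")
    if [ -n "$left" ]; then
        printf 'not excluded: %s\n' $left >&2
        return 1
    fi
    return 0
}

# Usage on cluster B:
#   exclude_cluster_bound_secrets caseycui2020 && verify_excluded caseycui2020
```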
Back up Pod Volumes with restic

From: https://blog.51cto.com/u_15875298/5929110