A Powerful Tool for Backing Up and Migrating k8s Clusters

Date: 2023-01-09 09:34:09

Preface

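Most people back up and restore a k8s cluster through etcd. But sometimes a namespace gets deleted by accident. Suppose that namespace held hundreds of services and they are all gone in an instant: what then?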

You could, of course, redeploy everything through the CI/CD system, but that takes a long time. This is where VMware's Velero comes in.

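Velero helps with:

Disaster recovery: backing up and restoring a k8s cluster
Migration: copying cluster resources to other clusters (replicating and synchronizing the cluster configuration of development, test and production environments, which simplifies environment setup)

Below I describe how to use Velero for backup and migration.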


Velero: https://github.com/vmware-tanzu/velero

ACK plugin: https://github.com/AliyunContainerService/velero-plugin

Download the Velero client

Velero consists of a client and a server. The server is deployed on the target k8s cluster, and the client is a command-line tool that runs locally.

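Go to Velero's Release page and download the client directly from GitHub
Extract the release package
Move the velero binary from the release package into a directory on your $PATH
Run velero -h to test it

Deploy the velero-plugin plugin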

Clone the code

git clone https://github.com/AliyunContainerService/velero-plugin

Modify the configuration

Edit the install/credentials-velero file and fill in the AccessKeyID and AccessKeySecret obtained for the newly created user. The OSS EndPoint here is the access domain name of the OSS created earlier.

ALIBABA_CLOUD_ACCESS_KEY_ID=<ALIBABA_CLOUD_ACCESS_KEY_ID>
ALIBABA_CLOUD_ACCESS_KEY_SECRET=<ALIBABA_CLOUD_ACCESS_KEY_SECRET>
ALIBABA_CLOUD_OSS_ENDPOINT=<ALIBABA_CLOUD_OSS_ENDPOINT>
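
An added pre-flight check for the file described above (not from the original post or the velero-plugin repository): it confirms that all three keys are filled in and that only the file's owner can read the AccessKey before the file is loaded into a Secret. The function name `check_velero_credentials` is an assumption.

```shell
#!/bin/sh
# Added example: validate install/credentials-velero before it becomes a Secret.
# Usage (after sourcing this file): check_velero_credentials install/credentials-velero
# Prints one line per problem and returns 0 only when no problem was found.
check_velero_credentials() {
    file=$1
    problems=0
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    for key in ALIBABA_CLOUD_ACCESS_KEY_ID ALIBABA_CLOUD_ACCESS_KEY_SECRET \
               ALIBABA_CLOUD_OSS_ENDPOINT; do
        # Take the value of the first "KEY=value" line for this key.
        value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
        case $value in
            '')   echo "$key is not set"
                  problems=$((problems + 1)) ;;
            '<'*) echo "$key still holds the template placeholder"
                  problems=$((problems + 1)) ;;
        esac
    done

    # The file holds a long-lived AccessKey secret: group and other get no access.
    # GNU stat first, BSD stat as the fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *)   echo "mode $mode exposes the key to group/other; run: chmod 600 $file"
             problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}
```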

Edit install/01-velero.yaml and fill in the OSS configuration:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: velero
  name: velero

---
# Binds the velero ServiceAccount to cluster-admin, i.e. full control of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    component: velero
  name: velero
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: velero
  namespace: velero

---
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  labels:
    component: velero
  name: default
  namespace: velero
spec:
  config:
    region: cn-beijing
  objectStorage:
    bucket: k8s-backup-test
    prefix: test
  provider: alibabacloud

---
apiVersion: velero.io/v1
kind: VolumeSnapshotLocation
metadata:
  labels:
    component: velero
  name: default
  namespace: velero
spec:
  config:
    region: cn-beijing
  provider: alibabacloud

---
# apps/v1 replaces extensions/v1beta1, which Kubernetes stopped serving for Deployments in 1.16.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: velero
  namespace: velero
spec:
  replicas: 1
  selector:
    matchLabels:
      deploy: velero
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "8085"
        prometheus.io/scrape: "true"
      labels:
        component: velero
        deploy: velero
    spec:
      serviceAccountName: velero
      containers:
      - name: velero
        # sync from velero/velero:v1.2.0
        image: registry.cn-hangzhou.aliyuncs.com/acs/velero:v1.2.0
        imagePullPolicy: IfNotPresent
        command:
          - /velero
        args:
          - server
          - --default-volume-snapshot-locations=alibabacloud:default
        env:
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
        volumeMounts:
          - mountPath: /plugins
            name: plugins
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
      initContainers:
      - image: registry.cn-hangzhou.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.2-991b590
        imagePullPolicy: IfNotPresent
        name: velero-plugin-alibabacloud
        volumeMounts:
        - mountPath: /target
          name: plugins
      volumes:
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials

Deploy the Velero server on k8s

# Create the namespace
kubectl create namespace velero
# Create the secret from credentials-velero
kubectl create secret generic cloud-credentials --namespace velero --from-file cloud=install/credentials-velero
# Deploy the CRDs
kubectl apply -f install/00-crds.yaml
# Deploy Velero
kubectl apply -f install/01-velero.yaml

Backup test

Here we use Velero to back up the relevant resources in a cluster so that they can be restored quickly after a failure or an operator mistake. First, deploy the following YAML:

---
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-example
  labels:
    app: nginx

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: nginx-example
spec:
  replicas: 2
  # apps/v1 requires a selector that matches the pod template labels
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.7.9
        name: nginx
        ports:
        - containerPort: 80

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: my-nginx
  namespace: nginx-example
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx

You can back up the whole cluster or only the namespace you need. Here we back up a single namespace, nginx-example:

[rsync@velero-plugin]$ kubectl get pods -n nginx-example

NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running   0          6m31s
nginx-deployment-5c689d88bb-rt2zk   1/1     Running   0          6m32s		

[rsync@velero]$ cd velero-v1.4.0-linux-amd64/

[rsync@velero-v1.4.0-linux-amd64]$ ll

total 56472
drwxrwxr-x 4 rsync rsync     4096 Jun  1 15:02 examples
-rw-r--r-- 1 rsync rsync    10255 Dec 10 01:08 LICENSE
-rwxr-xr-x 1 rsync rsync 57810814 May 27 04:33 velero
[rsync@velero-v1.4.0-linux-amd64]$ ./velero backup create nginx-backup --include-namespaces nginx-example --wait
Backup request "nginx-backup" submitted successfully.
Waiting for backup to complete. You may safely press ctrl-c to stop waiting - your backup will continue in the background.
.
Backup completed with status: Completed. You may check for more information using the commands `velero backup describe nginx-backup` and `velero backup logs nginx-backup`.

Delete the namespace

[rsync@velero-v1.4.0-linux-amd64]$ kubectl delete namespaces nginx-example
namespace "nginx-example" deleted

[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
No resources found.

Restore

[rsync@velero-v1.4.0-linux-amd64]$ ./velero restore create --from-backup nginx-backup --wait
Restore request "nginx-backup-20200603180922" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.

Restore completed with status: Completed. You may check for more information using the commands `velero restore describe nginx-backup-20200603180922` and `velero restore logs nginx-backup-20200603180922`.
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS              RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running             0          5s
nginx-deployment-5c689d88bb-rt2zk   0/1     ContainerCreating   0          5s

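As you can see, the pods have been restored.
Migration works the same way as backup and restore. Next, a special case: deploy another project, then check whether a restore deletes the newly deployed project.

A new tomcat container was created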

[rsync@tomcat-test]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running   0          65m
nginx-deployment-5c689d88bb-rt2zk   1/1     Running   0          65m
tomcat-test-sy-677ff78f6b-rc5vq     1/1     Running   0          7s

Run a restore

[rsync@velero-v1.4.0-linux-amd64]$ ./velero restore create --from-backup nginx-backup
Restore request "nginx-backup-20200603191726" submitted successfully.
Run `velero restore describe nginx-backup-20200603191726` or `velero restore logs nginx-backup-20200603191726` for more details.
[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running   0          68m
nginx-deployment-5c689d88bb-rt2zk   1/1     Running   0          68m
tomcat-test-sy-677ff78f6b-rc5vq     1/1     Running   0          2m33s

As you can see, nothing was overwritten.
Delete the nginx deployment, then restore again

[rsync@velero-v1.4.0-linux-amd64]$ kubectl delete deployment nginx-deployment -n nginx-example

deployment.extensions "nginx-deployment" deleted

[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example

NAME                              READY   STATUS    RESTARTS   AGE
tomcat-test-sy-677ff78f6b-rc5vq   1/1     Running   0          4m18s

[rsync@velero-v1.4.0-linux-amd64]$ ./velero restore create --from-backup nginx-backup

Restore request "nginx-backup-20200603191949" submitted successfully.
Run `velero restore describe nginx-backup-20200603191949` or `velero restore logs nginx-backup-20200603191949` for more details.

[rsync@velero-v1.4.0-linux-amd64]$ kubectl get pods -n nginx-example
NAME                                READY   STATUS              RESTARTS   AGE
nginx-deployment-5c689d88bb-f8vsx   1/1     Running             0          2s
nginx-deployment-5c689d88bb-rt2zk   0/1     ContainerCreating   0          2s
tomcat-test-sy-677ff78f6b-rc5vq     1/1     Running             0          4m49s

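As you can see, our tomcat project is unaffected.
Conclusion: a Velero restore does not overwrite. It restores the resources that do not exist in the current cluster; existing resources are not rolled back to their earlier version. To roll back, delete the existing resources before running the restore.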
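
The conclusion above, modelled as an added example (not part of the original post or of Velero itself): given a list of the objects in a backup and a list of the objects currently in the namespace, it prints what a restore would create, what it would skip, and what it would leave alone. The `kind/name` list format, the function names and the `tomcat-test-sy` Deployment name are assumptions.

```shell
#!/bin/sh
# Added example: model of the restore behaviour observed in the tests above.
# restore_plan BACKUP_LIST CLUSTER_LIST
#   Each file holds one "kind/name" per line for a single namespace.
#   create -> in the backup, absent from the cluster: the restore recreates it
#   skip   -> in both: the live object stays as it is (no rollback)
#   keep   -> only in the cluster: the restore does not delete it
restore_plan() {
    backup_list=$1
    cluster_list=$2
    while IFS= read -r res; do
        [ -n "$res" ] || continue
        if grep -Fxq -- "$res" "$cluster_list"; then
            echo "skip $res"
        else
            echo "create $res"
        fi
    done < "$backup_list"
    while IFS= read -r res; do
        [ -n "$res" ] || continue
        grep -Fxq -- "$res" "$backup_list" || echo "keep $res"
    done < "$cluster_list"
}

# Objects that must be deleted first if the goal is a rollback to the backup.
rollback_needs_delete() {
    restore_plan "$1" "$2" | sed -n 's/^skip //p'
}

# Constructed sample: the state in the last test above (nginx Deployment
# deleted, Service still present, tomcat Deployment added after the backup).
demo_restore_plan() {
    tmp=$(mktemp -d)
    printf '%s\n' deployment/nginx-deployment service/my-nginx > "$tmp/backup"
    printf '%s\n' service/my-nginx deployment/tomcat-test-sy > "$tmp/cluster"
    restore_plan "$tmp/backup" "$tmp/cluster"
    rm -rf "$tmp"
}

demo_restore_plan
```

In practice the cluster list can be produced with `kubectl get deployments,services -n nginx-example -o name`, after normalising its output to the same `kind/name` form as the backup list.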

Advanced usage

You can set up periodic scheduled backups

# Back up daily at 1:00
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *"
# Back up daily at 1:00 and keep the backups for 48 hours
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *" --ttl 48h
# Back up every 6 hours
velero create schedule <SCHEDULE NAME> --schedule="@every 6h"
# Back up the web namespace once a day
velero create schedule <SCHEDULE NAME> --schedule="@every 24h" --include-namespaces web

Scheduled backups are named `<SCHEDULE NAME>-<TIMESTAMP>`; the restore command is `velero restore create --from-backup <SCHEDULE NAME>-<TIMESTAMP>`.
To back up and restore persistent volumes, create the backup as follows:

velero backup create nginx-backup-volume --snapshot-volumes --include-namespaces nginx-example
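
This backup creates snapshots of the cloud disks in the cluster's region (NAS and OSS storage are not supported yet). A snapshot can only be restored to a cloud disk in the same region.

The restore command is:

velero restore create --from-backup nginx-backup-volume --restore-volumes

Delete backups

Method 1: delete the backup directly with a command
velero delete backups default-backup
Method 2: let the backup expire automatically by adding the TTL parameter when creating it
velero backup create <BACKUP-NAME> --ttl <DURATION>

You can also add a specific label to resources; labelled resources are excluded from backups.

Add the label

kubectl label -n <ITEM_NAMESPACE> <RESOURCE>/<NAME> velero.io/exclude-from-backup=true
# Label the default namespace
kubectl label -n default namespace/default velero.io/exclude-from-backup=true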


Reposted from: https://shenshengkun.github.io/posts/olsn73dq.html

From: https://www.cnblogs.com/Qing-840/p/17036016.html
