Velero: k8s 备份、还原和迁移工具

Velero是由Vmware捐献给CNCF的，对Kubernetes进行备份、还原和迁移的工具。

介绍

Velero是一个云原生的灾难备份、还原和迁移工具，使用Golang开发、且开源，用于安全的备份、还原和迁移 Kubernetes 集群资源数据（etcd数据）。

参考

说明：

备份数据可以上传到Ceph、S3等

使用

创建准备

该账户用于通过调用 k8s API 查询资源，参考：

Kubernetes 认证介绍

参考 cfssl 证书签发工具使用为 velero 签发证书
k8s API 认证 kubeconf 文件生产

# 生成认证文件
$ export KUBE_APISERVER="https://172.20.0.241:6443"
$ kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/pki/ca.crt \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=./velero.kubeconfig

# 设置客户端证书
$ kubectl config set-credentials velero \
  --client-certificate=./velero.pem \
  --client-key=./velero-key.pem \
  --embed-certs=true \
  --kubeconfig=./velero.kubeconfig

# 设置上下文参数
$ kubectl config set-context kubernetes \
  --cluster=kubernetes \
  --user=velero \
  --namespace=velero-system \
  --kubeconfig=./velero.kubeconfig

设置默认上下文

$ kubectl config user-context kubernetes --kubeconfig=./velero.kubeconfig

创建 namespace

kubectl create ns velero-system

在 k8s 集群中创建 velero 用户

kubectl create clusterrolebinding velero --clusterrole=cluster-admin --user=velero

切换默认上下文

root@k8s-master:~/velero# kubectl config use-context kubernetes --kubeconfig velero.kubeconfig
Switched to context "kubernetes".

安装 minio

minio 提供 S3 接口，用来保存 velero 备份文件
- 参考 MinIO 介绍
- 也可以使用安装包里的 dp 快速创建 velero-v1.9.0-linux-amd64/examples/minio/00-minio-deployment.yaml
创建 aws 认证文件：minio-auth.txt

$ cat minio-auth.txt
[default]
aws_access_key_id = admin
aws_secret_access_key = minioadmin

安装 velero

安装 velero 客户端

wget https://github.com/vmware-tanzu/velero/releases/download/v1.9.0/velero-v1.9.0-linux-amd64.tar.gz
tar -zxvf velero-v1.9.0-linux-amd64.tar.gz  # 有示例文件可参考
cp velero-v1.9.0-linux-amd64/velero /usr/local/bin

help

velero--help ↕

$ velero --help
velero --help
Velero is a tool for managing disaster recovery, specifically for Kubernetes
cluster resources. It provides a simple, configurable, and operationally robust
way to back up your application state and associated data.

If you're familiar with kubectl, Velero supports a similar model, allowing you to
execute commands such as 'velero get backup' and 'velero create schedule'. The same
operations can also be performed as 'velero backup get' and 'velero schedule create'.

Usage:
  velero [command]

Available Commands:
  backup            Work with backups
  backup-location   Work with backup storage locations
  bug               Report a Velero bug
  client            Velero client related commands
  completion        Generate completion script
  create            Create velero resources
  debug             Generate debug bundle
  delete            Delete velero resources
  describe          Describe velero resources
  get               Get velero resources
  help              Help about any command
  install           Install Velero
  plugin            Work with plugins
  restic            Work with restic
  restore           Work with restores
  schedule          Work with schedules
  snapshot-location Work with snapshot locations
  uninstall         Uninstall Velero
  version           Print the velero version and associated image

安装 velero 服务端

$ velero install \
  --kubeconfig ./velero.kubeconfig \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:v1.5.0 \
  --bucket velero \
  --secret-file ./minio-auth.txt \
  --use-volume-snapshots=false \
  --namespace velero-system \
  --backup-location-config region=minio,s3ForcePathStyle="true",s3Url="http://172.20.0.241:9000"

安装日志：

velero-install-log ↕

root@k8s-master:~/velero# velero install   --kubeconfig ./velero.kubeconfig   --provider aws   --plugins velero/velero-plugin-for-aws:v1.5.0   --bucket velero   --secret-file ./minio-auth.txt   --use-volume-snapshots=false   --namespace velero-system   --backup-location-config region=minio,s3ForcePathStyle="true",s3Url="http://172.20.0.241:9000"
CustomResourceDefinition/backups.velero.io: attempting to create resource
CustomResourceDefinition/backups.velero.io: attempting to create resource client
CustomResourceDefinition/backups.velero.io: created
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource client
CustomResourceDefinition/backupstoragelocations.velero.io: created
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource client
CustomResourceDefinition/deletebackuprequests.velero.io: created
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource client
CustomResourceDefinition/downloadrequests.velero.io: created
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumebackups.velero.io: created
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumerestores.velero.io: created
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource client
CustomResourceDefinition/resticrepositories.velero.io: created
CustomResourceDefinition/restores.velero.io: attempting to create resource
CustomResourceDefinition/restores.velero.io: attempting to create resource client
CustomResourceDefinition/restores.velero.io: created
CustomResourceDefinition/schedules.velero.io: attempting to create resource
CustomResourceDefinition/schedules.velero.io: attempting to create resource client
CustomResourceDefinition/schedules.velero.io: created
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource client
CustomResourceDefinition/serverstatusrequests.velero.io: created
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource client
CustomResourceDefinition/volumesnapshotlocations.velero.io: created
Waiting for resources to be ready in cluster...
Namespace/velero-system: attempting to create resource
Namespace/velero-system: attempting to create resource client
Namespace/velero-system: already exists, proceeding
Namespace/velero-system: created
ClusterRoleBinding/velero-velero-system: attempting to create resource
ClusterRoleBinding/velero-velero-system: attempting to create resource client
ClusterRoleBinding/velero-velero-system: created
ServiceAccount/velero: attempting to create resource
ServiceAccount/velero: attempting to create resource client
ServiceAccount/velero: created
Secret/cloud-credentials: attempting to create resource
Secret/cloud-credentials: attempting to create resource client
Secret/cloud-credentials: created
BackupStorageLocation/default: attempting to create resource
BackupStorageLocation/default: attempting to create resource client
BackupStorageLocation/default: created
Deployment/velero: attempting to create resource
Deployment/velero: attempting to create resource client
Deployment/velero: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero-system' to view the status.

默认使用的镜像是：velero/velero:v1.9.0

部署后资源

$ kubectl -n velero-system get pod
NAME                     READY   STATUS    RESTARTS   AGE
velero-96bbcf5fc-xgzrq   1/1     Running   0          8m52s

使用

备份

$ DATE=`date +%Y%m%d%H%M%S`
$ velero backup create \
  istio-backup-${DATE} \
  --namespace velero-system \
  --include-namespaces istio-system \
  --kubeconfig ./velero.kubeconfig
Backup request "istio-backup-20220901215842" submitted successfully.
Run `velero backup describe istio-backup-20220901215842` or `velero backup logs istio-backup-20220901215842` for more details.

查看备份

velero-backups ↕

$ kubectl -n velero-system get backups.velero.io
NAME                          AGE
istio-backup-20220901215842   98s
$ velero -n velero-system backup describe istio-backup-20220901215842
Name:         istio-backup-20220901215842
Namespace:    velero-system
Labels:       velero.io/storage-location=default
Annotations:  velero.io/source-cluster-k8s-gitversion=v1.25.0
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=25

Phase:  Completed

Errors:    0
Warnings:  0

Namespaces:
  Included:  istio-system
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto

TTL:  720h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2022-09-01 21:57:47 +0800 CST
Completed:  2022-09-01 21:57:51 +0800 CST

Expiration:  2022-10-01 21:57:47 +0800 CST

Total items to be backed up:  77
Items backed up:              77

Velero-Native Snapshots: <none included>

查看备份日志

velero -n velero-system backup logs istio-backup-20220901215842

还原

$ velero restore create \
  --namespace velero-system \
  --kubeconfig ./velero.kubeconfig \
  --from-backup istio-backup-20220901215842 --wait
Restore request "istio-backup-20220901215842-20220901220800" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.
.............
Restore completed with status: Completed. You may check for more information using the commands `velero restore describe istio-backup-20220901215842-20220901220800` and `velero restore logs istio-backup-20220901215842-20220901220800`.

查看还原日志

$ velero -n velero-system restore logs istio-backup-20220901215842-20220901220800

查看恢复后的资源（略）

Velero: k8s 备份、还原和迁移工具

介绍

使用

创建准备

安装 minio

安装 velero

安装 velero 客户端

velero--help ↕

安装 velero 服务端

velero-install-log ↕

使用

备份

velero-backups ↕

还原

Help

Cookie Notice!