Installing and using Velero, the Kubernetes backup tool
1. Required images
velero/velero_plugin_for_aws:v1.9.0
velero/velero:v1.13.0
velero/velero_restore_helper:v1.13.0
2. Installation
Install by following https://velero.io/docs/v1.13/contributions/minio/
Explanation of some of the parameters
--use-node-agent    # required for file system backup
--uploader-type restic    # use restic to upload the file system backup data
--bucket velero    # bucket name on MinIO; it must be created in advance
--secret-file ./credentials-velero    # file holding the MinIO username and password
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio-svc.pero:9000    # address of MinIO
The credentials-velero file
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
Install command
velero install \
    --provider aws \
    --use-node-agent \
    --uploader-type restic \
    --image velero/velero:v1.13.0 \
    --plugins velero/velero_plugin_for_aws:v1.9.0 \
    --bucket velero \
    --secret-file ./credentials-velero \
    --use-volume-snapshots=false \
    --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio-svc.pero:9000
Create the file fs-restore-action-config.yaml, which is mainly used when restoring file system backups
apiVersion: v1
kind: ConfigMap
metadata:
  # any name can be used; Velero uses the labels (below)
  # to identify it rather than the name
  name: fs-restore-action-config
  # must be in the velero namespace
  namespace: velero
  # the below labels should be used verbatim in your
  # ConfigMap.
  labels:
    # this value-less label identifies the ConfigMap as
    # config for a plugin (i.e. the built-in restore
    # item action plugin)
    velero.io/plugin-config: ""
    # this label identifies the name and kind of plugin
    # that this ConfigMap is for.
    velero.io/pod-volume-restore: RestoreItemAction
data:
  # The value for "image" can either include a tag or not;
  # if the tag is *not* included, the tag from the main Velero
  # image will automatically be used.
  image: velero/velero_restore_helper:v1.13.0-linux-amd64  # specify the image here
  # "cpuRequest" sets the request.cpu value on the restore init containers during restore.
  # If not set, it will default to "100m". A value of "0" is treated as unbounded.
  cpuRequest: 200m
  # "memRequest" sets the request.memory value on the restore init containers during restore.
  # If not set, it will default to "128Mi". A value of "0" is treated as unbounded.
  memRequest: 128Mi
  # "cpuLimit" sets the limits.cpu value on the restore init containers during restore.
  # If not set, it will default to "100m". A value of "0" is treated as unbounded.
  cpuLimit: 200m
  # "memLimit" sets the limits.memory value on the restore init containers during restore.
  # If not set, it will default to "128Mi". A value of "0" is treated as unbounded.
  memLimit: 128Mi
  # "secCtxRunAsUser" sets the securityContext.runAsUser value on the restore init containers during restore.
  # secCtxRunAsUser: 1001
  # "secCtxRunAsGroup" sets the securityContext.runAsGroup value on the restore init containers during restore.
  # secCtxRunAsGroup: 999
  # "secCtxAllowPrivilegeEscalation" sets the securityContext.allowPrivilegeEscalation value on the restore init containers during restore.
  # secCtxAllowPrivilegeEscalation: false
  # "secCtx" sets the securityContext object value on the restore init containers during restore.
  # This key overrides `secCtxRunAsUser`, `secCtxRunAsGroup`, `secCtxAllowPrivilegeEscalation` if `secCtx.runAsUser`, `secCtx.runAsGroup` or `secCtx.allowPrivilegeEscalation` are set.
  secCtx: |
    capabilities:
      drop:
      - ALL
      add: []
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    runAsUser: 1001
    runAsGroup: 999
Check the pods; you may find that node-agent fails to start
kubectl get pod -n velero
Change the hostPath mount paths of node-agent
# View the original mount paths
kubectl edit daemonset -n velero node-agent
# Change them to the actual mount paths
kubectl patch daemonset -n velero node-agent -p '{"spec":{"template":{"spec":{"volumes":[{"name":"host-pods","hostPath":{"path":"/apps/kubernetes/pods"}},{"name":"host-plugins","hostPath":{"path":"/apps/kubernetes/plugins"}}]}}}}'
3. Usage
# Back up all resources in all namespaces
velero backup create k8s-backup-20240318 --include-namespaces "*" --default-volumes-to-fs-backup
# Restore the resources of a specific namespace
velero restore create --from-backup k8s-backup-20240318 --include-namespaces wdd-test
# Restore the resources that carry a specific label
velero restore create --from-backup k8s-backup-20240318 --selector velero=test
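4. Backing up data to a specified MinIO
# View the secrets; create the new secret using the existing one as a reference
kubectl get secret -n velero
kubectl edit secret -n velero cloud-credentials
# Create xdd-secret; replace the MinIO username and password with the real ones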
kubectl create secret generic xdd-secret -n velero --from-literal=cloud="[default]
aws_access_key_id = minioadmin
aws_secret_access_key = minioadmin
"
# Create the backup-location
velero backup-location create new-backup --credential xdd-secret=cloud --provider aws --bucket xdd --config region=minio,s3ForcePathStyle="true",s3Url=http://minio-1-svcpero:9000
# List the newly created backup-location
kubectl get backupstoragelocations -A
# Back up to the specified backup-location
velero backup create k8s-backup-20240318-1 --include-namespaces "*" --default-volumes-to-fs-backup --storage-location new-backup
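A pre-flight check for the credentials file and the backup-location config passed to velero install and velero backup-location create, as an added example that is not part of the original post. The function name check_velero_inputs and the owner-only permission policy are assumptions; the rejected sample secrets are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post). check_velero_inputs is a
# hypothetical helper name.
# Usage: check_velero_inputs ./credentials-velero 'region=minio,...,s3Url=...'
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_velero_inputs() {
    cred_file=$1
    blc=$2
    rc=0

    [ -f "$cred_file" ] || { echo "MISSING: $cred_file not found"; return 1; }

    # The file holds the object-store secret key: owner-only access (assumed policy).
    perms=$(stat -c '%a' "$cred_file" 2>/dev/null || stat -f '%Lp' "$cred_file")
    case $perms in
        600|400) ;;
        *) echo "PERMS: $cred_file is mode $perms, expected 600"; rc=1 ;;
    esac

    # Reject an empty secret and the sample secrets shown on this page.
    secret=$(sed -n 's/^[[:space:]]*aws_secret_access_key[[:space:]]*=[[:space:]]*//p' \
        "$cred_file" | head -n 1)
    case $secret in
        ''|minio123|minioadmin) echo "CREDS: empty or sample secret key in use"; rc=1 ;;
    esac

    # s3Url should use TLS; plain http leaves backup traffic unencrypted.
    s3url=$(printf '%s\n' "$blc" | tr ',' '\n' | sed -n 's/^s3Url=//p')
    case $s3url in
        https://*) ;;
        http://*) echo "TLS: s3Url $s3url is plain http"; rc=1 ;;
        *) echo "URL: s3Url missing or not an http(s) URL"; rc=1 ;;
    esac

    return "$rc"
}
```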
5. Uninstall
velero uninstall
6. Notes
When backing up and restoring with --selector, the label that is matched is the one under the resource's metadata
metadata:
  labels:
    velero: "true"
File system backup can only back up PVC data; it cannot back up hostPath data
Reference links
https://velero.io/docs/v1.13/