Installing and using Velero, the Kubernetes backup tool

1. Required images

velero/velero_plugin_for_aws:v1.9.0
velero/velero:v1.13.0
velero/velero_restore_helper:v1.13.0

 

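2. Installation

Install by following https://velero.io/docs/v1.13/contributions/minio/

Explanation of some of the parameters

    --use-node-agent # required for file system backup
    --uploader-type restic # use restic to upload the file system backup data
    --bucket velero # bucket name on MinIO; it must be created beforehand
    --secret-file ./credentials-velero  # file holding the MinIO username and password
    --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio-svc.pero:9000 # address of MinIO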

 

The credentials-velero file

[default]
aws_access_key_id = minio
aws_secret_access_key = minio123

 

Install command

velero install \
    --provider aws \
    --use-node-agent \
    --uploader-type restic \
    --image velero/velero:v1.13.0 \
    --plugins velero/velero_plugin_for_aws:v1.9.0 \
    --bucket velero \
    --secret-file ./credentials-velero \
    --use-volume-snapshots=false \
    --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio-svc.pero:9000

 

Create the file fs-restore-action-config.yaml; it is mainly used when restoring file system backups

apiVersion: v1
kind: ConfigMap
metadata:
  # any name can be used; Velero uses the labels (below)
  # to identify it rather than the name
  name: fs-restore-action-config
  # must be in the velero namespace
  namespace: velero
  # the below labels should be used verbatim in your
  # ConfigMap.
  labels:
    # this value-less label identifies the ConfigMap as
    # config for a plugin (i.e. the built-in restore
    # item action plugin)
    velero.io/plugin-config: ""
    # this label identifies the name and kind of plugin
    # that this ConfigMap is for.
    velero.io/pod-volume-restore: RestoreItemAction
data:
  # The value for "image" can either include a tag or not;
  # if the tag is *not* included, the tag from the main Velero
  # image will automatically be used.
  image: velero/velero_restore_helper:v1.13.0-linux-amd64 # specify the image here

  # "cpuRequest" sets the request.cpu value on the restore init containers during restore.
  # If not set, it will default to "100m". A value of "0" is treated as unbounded.
  cpuRequest: 200m

  # "memRequest" sets the request.memory value on the restore init containers during restore.
  # If not set, it will default to "128Mi". A value of "0" is treated as unbounded.
  memRequest: 128Mi

  # "cpuLimit" sets the limits.cpu value on the restore init containers during restore.
  # If not set, it will default to "100m". A value of "0" is treated as unbounded.
  cpuLimit: 200m

  # "memLimit" sets the limits.memory value on the restore init containers during restore.
  # If not set, it will default to "128Mi". A value of "0" is treated as unbounded.
  memLimit: 128Mi

  # "secCtxRunAsUser" sets the securityContext.runAsUser value on the restore init containers during restore.
  # secCtxRunAsUser: 1001

  # "secCtxRunAsGroup" sets the securityContext.runAsGroup value on the restore init containers during restore.
  # secCtxRunAsGroup: 999

  # "secCtxAllowPrivilegeEscalation" sets the securityContext.allowPrivilegeEscalation value on the restore init containers during restore.
  # secCtxAllowPrivilegeEscalation: false

  # "secCtx" sets the securityContext object value on the restore init containers during restore.
  # This key overrides `secCtxRunAsUser`, `secCtxRunAsGroup`, `secCtxAllowPrivilegeEscalation` if `secCtx.runAsUser`, `secCtx.runAsGroup` or `secCtx.allowPrivilegeEscalation` are set.
  secCtx: |
    capabilities:
      drop:
      - ALL
      add: []
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    runAsUser: 1001
    runAsGroup: 999

 

Check the pods; node-agent may fail to start

kubectl get pod -n velero

 

Change the hostPath mount paths of node-agent

# View the original mount paths
kubectl edit daemonset -n velero node-agent

# Change them to the actual mount paths
kubectl patch daemonset -n velero node-agent -p '{"spec":{"template":{"spec":{"volumes":[{"name":"host-pods","hostPath":{"path":"/apps/kubernetes/pods"}},{"name":"host-plugins","hostPath":{"path":"/apps/kubernetes/plugins"}}]}}}}'
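
One way to work out the "actual mount paths" instead of typing them by hand, as an added example that is not part of the original post: the functions below read the kubelet --root-dir from a kubelet command line and build the same patch as above. The function names and the sample command line are hypothetical, and the example assumes the root directory is set with the --root-dir flag (otherwise the kubelet default /var/lib/kubelet is used).

```shell
#!/bin/sh
# Added example: derive the node-agent hostPath values from the kubelet root dir.

# Print the kubelet root directory found in a kubelet command line ($1).
# Falls back to the kubelet default, /var/lib/kubelet, when --root-dir is absent.
kubelet_root_dir() {
    root=/var/lib/kubelet
    want_value=0
    for arg in $1; do
        if [ "$want_value" -eq 1 ]; then root=$arg; want_value=0; continue; fi
        case $arg in
            --root-dir=*) root=${arg#--root-dir=} ;;   # --root-dir=/path form
            --root-dir)   want_value=1 ;;              # --root-dir /path form
        esac
    done
    printf '%s\n' "${root%/}"   # drop a trailing slash
}

# Print the patch for the node-agent DaemonSet volumes, given the root dir ($1).
node_agent_patch() {
    printf '{"spec":{"template":{"spec":{"volumes":[{"name":"host-pods","hostPath":{"path":"%s/pods"}},{"name":"host-plugins","hostPath":{"path":"%s/plugins"}}]}}}}\n' "$1" "$1"
}

# Constructed sample kubelet command line (not taken from a real node).
SAMPLE_ARGS='/usr/bin/kubelet --config=/etc/kubernetes/kubelet.yaml --root-dir=/apps/kubernetes --v=2'

# Show the patch that the sample command line leads to.
node_agent_patch "$(kubelet_root_dir "$SAMPLE_ARGS")"

# On a node, feed in the real command line and apply the result:
#   args=$(ps -o args= -C kubelet)
#   kubectl patch daemonset -n velero node-agent -p "$(node_agent_patch "$(kubelet_root_dir "$args")")"
```
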

 

3. Usage

# Back up all resources in all namespaces
velero backup create k8s-backup-20240318 --include-namespaces "*" --default-volumes-to-fs-backup

# Restore the resources of a specified namespace
velero restore create --from-backup k8s-backup-20240318 --include-namespaces wdd-test

# Restore the resources that carry a specified label
velero restore create --from-backup k8s-backup-20240318 --selector velero=test

 

4. Backing up data to a specified MinIO

# View the secrets; create the new secret modelled on the existing one
kubectl get secret -n velero
kubectl edit secret -n velero cloud-credentials

# Create xdd-secret; replace the MinIO username and password with the real ones
kubectl create secret generic xdd-secret -n velero --from-literal=cloud="[default]
aws_access_key_id = minioadmin
aws_secret_access_key = minioadmin
"

# Create the backup-location
velero backup-location create new-backup --credential xdd-secret=cloud --provider aws --bucket xdd --config region=minio,s3ForcePathStyle="true",s3Url=http://minio-1-svcpero:9000

# View the newly created backup-location
kubectl get backupstoragelocations -A

# Back up to the specified backup-location
velero backup create k8s-backup-20240318-1 --include-namespaces "*" --default-volumes-to-fs-backup --storage-location new-backup
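
A pre-flight check for the credentials-velero file from section 2 and for the credential and s3Url values used in this section, as an added example that is not part of the original post. It flags the demo key pairs shown in this article, a credentials file that other local users can read, and an s3Url that uses plain HTTP. The function names, finding labels and the file name credentials-xdd are hypothetical.

```shell
#!/bin/sh
# Added example: checks for a Velero credentials file and a
# --backup-location-config / --config string before they are used.

# Demo key:secret pairs that appear in this article.
DEMO_PAIRS='minio:minio123 minioadmin:minioadmin'

# Print the value of one "name = value" line ($2) from a credentials file ($1).
cred_value() {
    sed -n -e 's/[[:space:]]*$//' -e "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Print one finding per line; print nothing when the file passes.
audit_credentials() {
    key=$(cred_value "$1" aws_access_key_id)
    secret=$(cred_value "$1" aws_secret_access_key)
    if [ -z "$key" ] || [ -z "$secret" ]; then echo "MISSING_KEYS"; fi
    for pair in $DEMO_PAIRS; do
        if [ "$key:$secret" = "$pair" ]; then echo "DEMO_CREDENTIALS"; fi
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "FILE_READABLE_BY_OTHERS"
    fi
}

# Flag an s3Url that sends the keys and the backup data over plain HTTP.
audit_location_config() {
    case ",$1," in
        *,s3Url=http://*) echo "PLAINTEXT_S3URL" ;;
    esac
}

# Write a credentials file ($1) that only the current user can read (mode 0600).
write_credentials() {
    ( umask 077; printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# A file written this way can be loaded without the keys entering shell history
# (credentials-xdd is a hypothetical file name):
#   kubectl create secret generic xdd-secret -n velero --from-file=cloud=./credentials-xdd
```
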

 

5. Uninstall

velero uninstall

 

 

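6. Notes

When backing up and restoring with --selector, the label that is matched is the one under the resource's metadata

metadata:
  labels:
    velero: "true"  # label values must be strings, so true is quoted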

 

File system backup can only back up PVC data; it cannot back up hostPath data

 

Reference links

https://velero.io/docs/v1.13/

 

posted @ 2024-03-18 11:54  wdgde