Velero is a utility to back up and restore your Kubernetes resources and persistent volumes.
To back up and restore on Alibaba Cloud with Velero, you need to install and configure velero and velero-plugin for alibabacloud.
To set up Velero on AlibabaCloud, you:
Download the latest official release's tarball for your client platform.
We strongly recommend that you use an official release of
Velero. The tarballs for each release contain the velero
command-line client. The code in the master branch
of the Velero repository is under active development and is not guaranteed to be stable!
Extract the tarball:
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz -C /dir/to/extract/to
We'll refer to the directory you extracted to as the "Velero directory" in subsequent steps.
Move the velero binary from the Velero directory to somewhere in your PATH.
Velero requires an object storage bucket to store backups in, preferably unique to a single Kubernetes cluster. Create an OSS bucket, replacing placeholders appropriately:
BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>
ossutil mb oss://$BUCKET \
--storage-class Standard \
--acl=private
For more information, see the AlibabaCloud documentation on RAM user guides.
Create the RAM user:
Follow the AlibabaCloud documentation on RAM users.
If you'll be using Velero to back up multiple clusters with multiple OSS buckets, it may be desirable to create a unique username per cluster rather than the default velero.
Attach policies to give velero the necessary permissions:
Note: for safety, revoke velero's delete permissions once your backup or restore task is complete.
{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeSnapshots",
                "ecs:CreateSnapshot",
                "ecs:DeleteSnapshot",
                "ecs:DescribeDisks",
                "ecs:CreateDisk",
                "ecs:Addtags",
                "oss:PutObject",
                "oss:GetObject",
                "oss:DeleteObject",
                "oss:GetBucket",
                "oss:ListObjects",
                "oss:ListBuckets"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}
Create an access key for the user:
Create a Velero-specific credentials file (credentials-velero) in your install directory:
ALIBABA_CLOUD_ACCESS_KEY_ID=<ALIBABA_CLOUD_ACCESS_KEY_ID>
ALIBABA_CLOUD_ACCESS_KEY_SECRET=<ALIBABA_CLOUD_ACCESS_KEY_SECRET>
where the access key ID and secret are the values obtained in step 3.
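The note above about releasing velero's delete permissions after a task can be applied by deriving a second policy document from the one on this page. The following is an added example, not code from the plugin or from Velero; the function names are hypothetical, and the wildcard-action check goes slightly beyond the page's single statement.

```python
import copy
import json

# The RAM policy from this page, reproduced so the example runs stand-alone.
VELERO_POLICY = {
    "Version": "1",
    "Statement": [{
        "Action": [
            "ecs:DescribeSnapshots", "ecs:CreateSnapshot", "ecs:DeleteSnapshot",
            "ecs:DescribeDisks", "ecs:CreateDisk", "ecs:Addtags",
            "oss:PutObject", "oss:GetObject", "oss:DeleteObject",
            "oss:GetBucket", "oss:ListObjects", "oss:ListBuckets",
        ],
        "Resource": ["*"],
        "Effect": "Allow",
    }],
}

def as_list(value):
    """A policy field may be one string or a list of strings; return a list."""
    return [value] if isinstance(value, str) else list(value)

def is_delete_action(action):
    """True when the operation after 'service:' starts with 'Delete'."""
    return action.partition(":")[2].lower().startswith("delete")

def without_delete(policy):
    """Return (reduced_policy, removed_actions); the input is not modified."""
    reduced, removed = copy.deepcopy(policy), []
    for stmt in reduced["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement grants nothing, keep it as is
        actions = as_list(stmt["Action"])
        if any("*" in a for a in actions):
            # e.g. "oss:*" still allows deletes and cannot be trimmed by name
            raise ValueError("wildcard action present; list actions explicitly")
        removed += [a for a in actions if is_delete_action(a)]
        stmt["Action"] = [a for a in actions if not is_delete_action(a)]
    # Drop Allow statements that are left with no actions at all.
    reduced["Statement"] = [s for s in reduced["Statement"]
                            if s.get("Effect") != "Allow" or s["Action"]]
    return reduced, removed

if __name__ == "__main__":
    reduced, removed = without_delete(VELERO_POLICY)
    print("removed:", removed)
    print(json.dumps(reduced, indent=2))
```

While the reduced policy is attached, velero can no longer delete backup objects or snapshots, so backup deletion requests fail until the full policy is restored.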
Set some environment variables
BUCKET=<YOUR_BUCKET>
REGION=<YOUR_REGION>
Create and run velero and velero-plugin for alibabacloud
Run the following command to create and run velero and velero-plugin for alibabacloud:
velero install \
--provider alibabacloud \
--image registry.$REGION.aliyuncs.com/acs/velero:1.4.2-2b9dce65-aliyun \
--bucket $BUCKET \
--secret-file ./credentials-velero \
--use-volume-snapshots=false \
--backup-location-config region=$REGION \
--use-restic \
--plugins registry.$REGION.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.0.0-2d33b89 \
--wait
If you want to use an internal OSS endpoint, add the parameter:
--backup-location-config region=$REGION,network=internal
If you want to use an OSS prefix to store backup files, add the parameter:
--prefix <your oss bucket prefix>
Create ConfigMap for velero restic helper image in your restore cluster
Run the following command to create a velero restic helper ConfigMap in your restore cluster (optional for the backup cluster):
kubectl -n velero apply -f install/02-configmap.yaml
Cleanup velero installation
Run the following commands to clean up the velero installation:
kubectl delete namespace/velero clusterrolebinding/velero
kubectl delete crds -l component=velero
nginx example without persistent volumes
Run the following command to create an nginx example without persistent volumes:
kubectl apply -f examples/base.yaml
Create a backup:
velero backup create nginx-backup --include-namespaces nginx-example --wait
Destroy the nginx example:
kubectl delete namespaces nginx-example
Create a restore from nginx-backup:
velero restore create --from-backup nginx-backup --wait
nginx example with persistent volumes
Run the following command to create an nginx example with persistent volumes:
kubectl apply -f examples/with-pv.yaml
Annotate the pod with the volume name so that restic backs up the volume data during the backup process:
kubectl -n nginx-example annotate pod/nginx-deployment-7477779c4f-dxspm backup.velero.io/backup-volumes=nginx-logs
Create a backup:
velero backup create nginx-backup-volume --include-namespaces nginx-example --wait
Destroy the nginx example:
kubectl delete namespaces nginx-example
Create a restore from nginx-backup-volume:
velero restore create --from-backup nginx-backup-volume --wait