Velero Series (4): Production Migration in Practice with Velero

十念 | 2022-12-14 18:18:41

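Overview

Goal

Use the velero tool to achieve the following overall goal:

  • Migrate a specific namespace between two clusters, B and A;

The specific goals are:

  • Install velero (including restic) on clusters B and A
  • Back up the specific namespace caseycui2020 on cluster B:

    • Back up resources, such as deployments and configmaps;

      • Before the backup, exclude the YAML of specific secrets.

    • Back up volume data (via restic);

      • Use the "opt-in" approach to back up only specific pod volumes


  • Migrate the specific namespace caseycui2020 to cluster A:

    • Migrate resources: use include to migrate only specific resources;
    • Migrate volume data (via restic).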

Installation


  • Create a Velero-specific credentials file (credentials-velero) in your local directory:
    This setup uses xsky object storage (the company's NetApp object storage is not compatible):
        [default]
        aws_access_key_id = xxxxxxxxxxxxxxxxxxxxxxxx
        aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • (openshift) First create the velero namespace: oc new-project velero
  • By default, a userland openshift namespace does not schedule Pods on all nodes in the cluster.
    To schedule the namespace on all nodes, it needs an annotation:
        oc annotate namespace velero openshift.io/node-selector=""
    This should be done before installing velero.
  • Start the server and the storage service. In the Velero directory, run:
        velero install \
            --provider aws \
            --plugins velero/velero-plugin-for-aws:v1.0.0 \
            --bucket velero \
            --secret-file ./credentials-velero \
            --use-restic \
            --use-volume-snapshots=true \
            --backup-location-config region="default",s3ForcePathStyle="true",s3Url="http://glacier.ewhisper.cn",insecureSkipTLSVerify="true",signatureVersion="4" \
            --snapshot-location-config region="default"
    The following is created:
        CustomResourceDefinition/backups.velero.io: attempting to create resource
        CustomResourceDefinition/backups.velero.io: created
        CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
        CustomResourceDefinition/backupstoragelocations.velero.io: created
        CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
        CustomResourceDefinition/deletebackuprequests.velero.io: created
        CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
        CustomResourceDefinition/downloadrequests.velero.io: created
        CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
        CustomResourceDefinition/podvolumebackups.velero.io: created
        CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
        CustomResourceDefinition/podvolumerestores.velero.io: created
        CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
        CustomResourceDefinition/resticrepositories.velero.io: created
        CustomResourceDefinition/restores.velero.io: attempting to create resource
        CustomResourceDefinition/restores.velero.io: created
        CustomResourceDefinition/schedules.velero.io: attempting to create resource
        CustomResourceDefinition/schedules.velero.io: created
        CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
        CustomResourceDefinition/serverstatusrequests.velero.io: created
        CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
        CustomResourceDefinition/volumesnapshotlocations.velero.io: created
        Waiting for resources to be ready in cluster...
        Namespace/velero: attempting to create resource
        Namespace/velero: created
        ClusterRoleBinding/velero: attempting to create resource
        ClusterRoleBinding/velero: created
        ServiceAccount/velero: attempting to create resource
        ServiceAccount/velero: created
        Secret/cloud-credentials: attempting to create resource
        Secret/cloud-credentials: created
        BackupStorageLocation/default: attempting to create resource
        BackupStorageLocation/default: created
        VolumeSnapshotLocation/default: attempting to create resource
        VolumeSnapshotLocation/default: created
        Deployment/velero: attempting to create resource
        Deployment/velero: created
        DaemonSet/restic: attempting to create resource
        DaemonSet/restic: created
        Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
  • (openshift) Add the velero ServiceAccount to the privileged SCC:
        $ oc adm policy add-scc-to-user privileged -z velero -n velero
  • (openshift) For OpenShift version >= 4.1, modify the DaemonSet YAML to request privileged mode:
    1. @@ -67,3 +67,5 @@ spec:
    2.               value: /credentials/cloud
    3.             - name: VELERO_SCRATCH_DIR
    4.               value: /scratch
    5. +          securityContext:
    6. +            privileged: true
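    Review bot: the added securityContext with privileged: true gives this container full host privileges, and nothing in the hunk records why that is needed. Add a YAML comment directly above securityContext: stating the reason (the surrounding text ties it to OpenShift >= 4.1), and keep the setting on this one container, as it is here, rather than moving it to a pod-level securityContext.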
    or:
        oc patch ds/restic \
          --namespace velero \
          --type json \
          -p '[{"op":"add","path":"/spec/template/spec/containers/0/securityContext","value": { "privileged": true}}]'
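
As an added example (not part of the original post or of Velero), the shell function below reviews a --backup-location-config string like the one passed to velero install above and reports settings that weaken transport security. The function name check_bsl_config and its messages are this example's own.

```shell
#!/bin/sh
# Added example: review a Velero --backup-location-config string for
# transport-security weaknesses before running `velero install`.
# check_bsl_config CONFIG -> one finding per line; exit status 0 only if clean.
check_bsl_config() {
    findings=0
    old_ifs=$IFS
    IFS=,
    set -f                      # split on commas only, no globbing
    for pair in $1; do
        case $pair in
            *=*) ;;
            *)  echo "entry '$pair' is not in key=value form"
                findings=$((findings + 1))
                continue ;;
        esac
        key=${pair%%=*}
        val=${pair#*=}
        val=${val#\"}; val=${val%\"}      # drop optional surrounding quotes
        case $key=$val in
            s3Url=http://*)
                echo "s3Url uses plain HTTP: backup data crosses the network unencrypted"
                findings=$((findings + 1)) ;;
            insecureSkipTLSVerify=true)
                echo "insecureSkipTLSVerify=true: the object store certificate is not verified"
                findings=$((findings + 1)) ;;
        esac
    done
    set +f
    IFS=$old_ifs
    [ "$findings" -eq 0 ]
}

# Constructed input: the TLS-relevant keys as they appear in the install command.
check_bsl_config 'region="default",s3Url="http://glacier.ewhisper.cn",insecureSkipTLSVerify="true",signatureVersion="4"' \
    || echo "fix the findings above before installing"
```
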
Backup - Cluster B

Back up specific cluster-level resources
    velero backup create <backup-name> --include-cluster-resources=true --include-resources deployments,configmaps
View the backup
    velero backup describe YOUR_BACKUP_NAME
Back up the specific namespace caseycui2020

Exclude specific resources

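Resources labeled velero.io/exclude-from-backup=true are not included in the backup, even if they carry a matching selector label.
In this way, resources that do not need to be backed up, such as secrets, are excluded with the velero.io/exclude-from-backup=true label.
Some of the secrets excluded this way, as examples:
    builder-dockercfg-jbnzr
    default-token-lshh8
    pipeline-token-xt645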
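
As an added example (not from the original post), this shell function turns a secret listing into the oc label commands that apply the exclusion label described above. Selecting by secret type, the function name exclude_label_cmds, the types assigned to the three listed secrets and the app-db-credentials entry are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate the label commands that keep auto-generated,
# cluster-specific secrets out of a Velero backup.
# exclude_label_cmds NAMESPACE
#   stdin : "NAME TYPE ..." lines (columns of `oc get secrets --no-headers`)
#   stdout: one `oc label` command per service-account token or dockercfg secret
exclude_label_cmds() {
    ns=$1
    while read -r name type _rest; do
        # The output is meant to be piped to sh, so skip anything that is
        # not a valid lowercase DNS-style object name.
        case $name in
            ''|*[!a-z0-9.-]*) continue ;;
        esac
        case $type in
            kubernetes.io/service-account-token|kubernetes.io/dockercfg)
                printf 'oc label secret %s velero.io/exclude-from-backup=true -n %s --overwrite\n' \
                    "$name" "$ns" ;;
        esac
    done
}

# Constructed sample: the three secret names from the post with assumed
# types, plus a hypothetical application secret that must stay in the backup.
sample_secrets() {
    cat <<'EOF'
builder-dockercfg-jbnzr   kubernetes.io/dockercfg               1   30d
default-token-lshh8       kubernetes.io/service-account-token   4   30d
pipeline-token-xt645      kubernetes.io/service-account-token   4   30d
app-db-credentials        Opaque                                2   12d
EOF
}

sample_secrets | exclude_label_cmds caseycui2020
```

Review the generated commands before piping them to sh on cluster B, since every labeled secret is absent from the backup and therefore from the restore on cluster A.
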
Back up Pod Volumes with restic
