48
用 k8up 把 PVC 备份到 S3
source link: https://blog.fleeto.us/post/backup-pvc-2-s3/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
k8up
是一个基于 Restic
的备份工具,可以一次性的或者周期性的把指定的 PVC 备份到 S3 协议的对象存储上去,备份内容还可以使用 Restic 恢复到 S3 或者 PVC 上。除了 PVC,后续还可以用命令的方式,例如 mysqldump
,把数据库等内容备份出来。
安装和初始化
Helm 安装即可:
helm repo add appuio https://charts.appuio.ch helm repo update helm install appuio/k8up
安装过程会生成一系列的 CRD,会在后续步骤中使用。
后续过程中需要两个 Secret,分别用来加密备份和访问 S3:
$ kubectl create secret generic s3secret --from-literal token=[hidden] \
--from-literal key=[hidden]
secret/s3secret created
$ kubectl create secret generic backup --from-literal password=PassW0rd
secret/backup created
备份 PVC
k8up 会选择命名空间中注解为 appuio.ch/backup: "true"
的 PVC 进行备份,我们用下文的工作负载生成两个 PVC,运行起来之后,两个 PVC 分别挂载到容器的 /data1
和 /data2
目录中,可以登录到 Pod,在其中生成文件:
$ kubectl exec -it debugger-7b8f654484-hrcg9 bash bash-4.4# echo "Hello world" > /data/data.txt
创建一次性任务:
apiVersion: backup.appuio.ch/v1alpha1
kind: Backup
metadata:
name: backup-now
spec:
keepJobs: 4
backend:
repoPasswordSecretRef:
name: backup
key: password
s3:
endpoint: https://s3.amazonaws.com
bucket: dustise
accessKeyIDSecretRef:
name: s3secret
key: token
secretAccessKeySecretRef:
name: s3secret
key: key
查看 Pod 日志:
$ kubectl logs -f k8up-1578112449-84d7d4d6cc-q6qsh 2020/01/04 14:30:10 [INFO] New backup job received backup-now in namespace default 2020/01/04 14:30:10 [INFO] Listing all PVCs with annotation appuio.ch/backup in namespace default 2020/01/04 14:30:10 [INFO] Adding data to list ... 2020/01/04 14:30:29 [INFO] default/backupjob-1578148210 is running 2020/01/04 14:30:37 [INFO] default/backupjob-1578148210 finished successfully
两个卷的备份均已完成,查看 S3 的情况:
$ s3cmd la
DIR s3://dustise/data/
DIR s3://dustise/index/
DIR s3://dustise/keys/
DIR s3://dustise/snapshots/
2020-01-04 14:30 155 s3://dustise/config
发现已经初始化了一个备份结构。
还原
备份成功之后,我们希望还原一下,看看备份的内容。
新建一个 PVC 用作还原目标:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: restore
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
创建一个还原命令:
apiVersion: backup.appuio.ch/v1alpha1
kind: Restore
metadata:
name: restore2pvc
namespace: default
spec:
backend:
repoPasswordSecretRef:
key: password
name: backup
s3:
accessKeyIDSecretRef:
key: token
name: s3secret
bucket: dustise
endpoint: https://s3.amazonaws.com
secretAccessKeySecretRef:
key: key
name: s3secret
restoreMethod:
folder:
claimName: restore
查看运行日志:
$ kubectl logs -f k8up-1578112449-84d7d4d6cc-q6qsh 2020/01/04 14:43:45 [INFO] Received restore job restore-now in namespace default 2020/01/04 14:43:45 [INFO] default/restorejob-1578149025 is running 2020/01/04 14:43:45 [INFO] default/restorejob-1578149025 is running 2020/01/04 14:43:59 [INFO] default/restorejob-1578149025 is running 2020/01/04 14:44:15 [INFO] default/restorejob-1578149025 finished successfully
查看该卷内容,会发现其中有一个 data/data
目录,包含了我们的备份内容。
附录
连接
-
https://k8up.io/ -
https://github.com/restic/restic
源码
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: debugger
name: debugger
spec:
replicas: 1
selector:
matchLabels:
app: debugger
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: debugger
spec:
containers:
- image: dustise/sleep
name: sleep
resources: {}
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: data
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: data
annotations:
appuio.ch/backup: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK