女主宣言
你是否在运维kubernetes集群中有过这样的经历:
⼀个新⼈把某个namespace点击删除,导致这下⾯所有的资源全部丢失,只能⼀步⼀步的重新部署。新搭建集群,为了保证环境尽可能⼀致,只能从⽼集群拿出来yaml⽂件在新集群中疯狂apply。令⼈抓狂的瞬间随之⽽来的就是浪费⼤好⻘春的搬砖时光。
现在已经开源了很多集群资源对象备份的⼯具,把这些⼯具利⽤起来让你的⼯作事半功倍,不在苦逼加班。
PS:丰富的一线技术、多元化的表现形式,尽在“360云计算”,点关注哦!
1
集群备份⽐较
1.etcd备份
etcd备份可以实现K8S集群的备份,但是这种备份⼀般是全局的,可以恢复到集群某⼀时刻的状态,⽆ 法精确到恢复某⼀资源对象,⼀般使⽤快照的形式进⾏备份和恢复。
# 备份
#!/usr/bin/env bash
date;
CACERT="/opt/kubernetes/ssl/ca.pem"
CERT="/opt/kubernetes/ssl/server.pem"
EKY="/opt/kubernetes/ssl/server-key.pem"
ENDPOINTS="192.168.1.36:2379"
ETCDCTL_API=3 etcdctl \
--cacert="${CACERT}" --cert="${CERT}" --key="${EKY}" \
--endpoints=${ENDPOINTS} \
snapshot save /data/etcd_backup_dir/etcd-snapshot-`date +%Y%m%d`.db
# 备份保留30天
find /data/etcd_backup_dir/ -name *.db -mtime +30 -exec rm -f {} \;
# 恢复
ETCDCTL_API=3 etcdctl snapshot restore /data/etcd_backup_dir/etcd-snapshot20191222.db \
--name etcd-0 \
--initial-cluster "etcd-0=https://192.168.1.36:2380,etcd1=https://192.168.1.37:2380,etcd-2=https://192.168.1.38:2380" \
--initial-cluster-token etcd-cluster \
--initial-advertise-peer-urls https://192.168.1.36:2380 \
--data-dir=/var/lib/etcd/default.etcd
2.资源对象备份
对于更⼩粒度的划分到每种资源对象的备份,对于误删除了某种namespace或deployment以及集群迁 移就很有⽤了。现在开源⼯具有很多都提供了这样的功能,⽐如Velero, PX-Backup,Kasten。
velero:
Velero is an open source tool to safely backup and restore, perform disaster recovery, and
migrate Kubernetes cluster resources and persistent volumes.
PX-Backup:
Built from the ground up for Kubernetes, PX-Backup delivers enterprise-grade application
and data protection with fast recovery at the click of a button
Kasten:
urpose-built for Kubernetes, Kasten K10 provides enterprise operations teams an easy-touse, scalable, and secure system for backup/restore, disaster recovery, and mobility of
Kubernetes applications.
2
velero
Velero lets you:
1.Take backups of your cluster and restore incase of loss.
2.Migrate cluster resources to otherclusters.
3.Replicate your production cluster todevelopm