How To Back Up and Restore a Kubernetes Cluster on DigitalOcean Using Velero

Introduction

Velero is a convenient backup tool for Kubernetes clusters that compresses and backs up Kubernetes objects to object storage. It also takes snapshots of your cluster’s Persistent Volumes using your cloud provider’s block storage snapshot features, and can then restore your cluster’s objects and Persistent Volumes to a previous state.

The DigitalOcean Velero Plugin allows you to use DigitalOcean block storage to snapshot your Persistent Volumes, and Spaces to back up your Kubernetes objects. When running a Kubernetes cluster on DigitalOcean, this allows you to quickly back up your cluster’s state and restore it should disaster strike.

In this tutorial we’ll set up and configure the velero command line tool on a local machine, and deploy the server component into our Kubernetes cluster. We’ll then deploy a sample Nginx app that uses a Persistent Volume for logging and then simulate a disaster recovery scenario.

Prerequisites

Before you begin this tutorial, you should have the following available to you:

On your local computer:

In your DigitalOcean account:

  • A DigitalOcean Kubernetes cluster, or a Kubernetes cluster (version 1.7.5 or later) on DigitalOcean Droplets.

  • A DNS server running inside of your cluster. If you are using DigitalOcean Kubernetes, this is running by default. To learn more about configuring a Kubernetes DNS service, consult Customizing DNS Service from the official Kubernetes documentation.

  • A DigitalOcean Space that will store your backed-up Kubernetes objects. To learn how to create a Space, consult the Spaces product documentation.

  • An access key pair for your DigitalOcean Space. To learn how to create a set of access keys, consult How to Manage Administrative Access to Spaces.

  • A personal access token for use with the DigitalOcean API. To learn how to create a personal access token, consult How to Create a Personal Access Token. Ensure that the token you create or use has Read/Write permissions or snapshots will not work.

Once you have all of this set up, you’re ready to begin with this guide.

Step 1 — Installing the Velero Client

The Velero backup tool consists of a client installed on your local computer and a server that runs in your Kubernetes cluster. To begin, we’ll install the local Velero client.

In your web browser, navigate to the Velero GitHub repo releases page, find the release corresponding to your OS and system architecture, and copy the link address. For the purposes of this guide, we’ll use an Ubuntu 18.04 server on an x86-64 (or AMD64) processor as our local machine, and the Velero v1.2.0 release.

Note: To follow this guide, you should download and install v1.2.0 of the Velero client.

Then, from the command line on your local computer, navigate to the temporary /tmp directory and cd into it:

  • cd /tmp

Use wget and the link you copied earlier to download the release tarball:

  • wget https://link_copied_from_release_page

Once the download completes, extract the tarball using tar (note the filename may differ depending on the release version and your OS):

  • tar -xvzf velero-v1.2.0-linux-amd64.tar.gz

The /tmp directory should now contain the extracted velero-v1.2.0-linux-amd64 directory as well as the tarball you just downloaded.

Verify that you can run the velero client by executing the binary:

  • ./velero-v1.2.0-linux-amd64/velero help

You should see the following help output:

Output
Velero is a tool for managing disaster recovery, specifically for Kubernetes
cluster resources. It provides a simple, configurable, and operationally robust
way to back up your application state and associated data.

If you're familiar with kubectl, Velero supports a similar model, allowing you to
execute commands such as 'velero get backup' and 'velero create schedule'. The same
operations can also be performed as 'velero backup get' and 'velero schedule create'.

Usage:
  velero [command]

Available Commands:
  backup            Work with backups
  backup-location   Work with backup storage locations
  bug               Report a Velero bug
  client            Velero client related commands
  completion        Output shell completion code for the specified shell (bash or zsh)
  create            Create velero resources
  delete            Delete velero resources
  describe          Describe velero resources
  get               Get velero resources
  help              Help about any command
  install           Install Velero
  plugin            Work with plugins
  restic            Work with restic
  restore           Work with restores
  schedule          Work with schedules
  snapshot-location Work with snapshot locations
  version           Print the velero version and associated image

. . .

At this point you should move the velero executable out of the temporary /tmp directory and add it to your PATH. To add it to your PATH on an Ubuntu system, simply copy it to /usr/local/bin:

  • sudo mv velero-v1.2.0-linux-amd64/velero /usr/local/bin/velero

You’re now ready to configure secrets for the Velero server and then deploy it to your Kubernetes cluster.

Step 2 — Configuring Secrets

Before setting up the server component of Velero, you will need to prepare your DigitalOcean Spaces keys and API token. Again navigate to the temporary directory /tmp using the cd command:

  • cd /tmp

Now we’ll download a copy of the Velero plugin for DigitalOcean. Visit the plugin’s Github releases page and copy the link to the file ending in .tar.gz.

Use wget and the link you copied earlier to download the release tarball:

  • wget https://link_copied_from_release_page

Once the download completes, extract the tarball using tar (again note that the filename may differ depending on the release version):

  • tar -xvzf v1.0.0.tar.gz

The /tmp directory should now contain the extracted velero-plugin-1.0.0 directory as well as the tarball you just downloaded.

Next we’ll cd into the velero-plugin-1.0.0 directory:

  • cd velero-plugin-1.0.0

Now we can save the access keys for our DigitalOcean Space and API token for use as a Kubernetes Secret. First, open up the examples/cloud-credentials file using your favorite editor.

  • nano examples/cloud-credentials

The file will look like this:

/tmp/velero-plugin-1.0.0/examples/cloud-credentials
[default]
aws_access_key_id=<AWS_ACCESS_KEY_ID>
aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>

Edit the <AWS_ACCESS_KEY_ID> and <AWS_SECRET_ACCESS_KEY> placeholders to use your DigitalOcean Spaces keys. Be sure to remove the < and > characters.

The next step is to edit the 01-velero-secret.patch.yaml file so that it includes your DigitalOcean API token. Open the file in your favourite editor:

  • nano examples/01-velero-secret.patch.yaml

It should look like this:

---
apiVersion: v1
kind: Secret
stringData:
  digitalocean_token: <DIGITALOCEAN_API_TOKEN>
type: Opaque

Change the entire <DIGITALOCEAN_API_TOKEN> placeholder to use your DigitalOcean personal API token. The line should look something like digitalocean_token: 18a0d730c0e0..... Again, make sure to remove the < and > characters.
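
Both files now hold live credentials and sit under /tmp, which other local users can traverse. The following check is an added example, not part of the Velero plugin repository: it confirms that neither file still contains a placeholder or a stray < or >, that no credential value is empty, and that neither file is readable by group or others. The function names are hypothetical; the file paths are the ones used in this step.

```shell
#!/bin/sh
# Added example: pre-flight check for the secret-bearing files edited in Step 2.
# Function names are hypothetical; paths are the ones used in this tutorial.

# check_secret_file FILE
# Returns 0 only if FILE exists, grants nothing to group/others, has no
# leftover <PLACEHOLDER> or stray < >, and none of the three secret keys is empty.
check_secret_file() (
    file=$1
    fail() { echo "FAIL $file: $1" >&2; exit 1; }

    [ -f "$file" ] || fail "not found"

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$file" | cut -c5-10)
    [ "$mode" = "------" ] || fail "group/other permissions set ($mode), run: chmod 600 $file"

    # Spaces keys and API tokens never contain < or >, so any occurrence outside
    # a comment is an unedited or half-edited placeholder.
    if grep -v '^[[:space:]]*#' -- "$file" | grep -q '[<>]'; then
        fail "placeholder or stray < > still present"
    fi

    # A key left with no value would create a Secret that looks valid but is not.
    if grep -Eq '^[[:space:]]*(aws_access_key_id|aws_secret_access_key|digitalocean_token)[[:space:]]*[=:][[:space:]]*$' -- "$file"; then
        fail "empty credential value"
    fi
)

# check_velero_secrets PLUGIN_DIR
# Checks both files from this step; returns non-zero if either one fails.
check_velero_secrets() {
    rc=0
    for f in examples/cloud-credentials examples/01-velero-secret.patch.yaml; do
        check_secret_file "$1/$f" || rc=1
    done
    return "$rc"
}

# Usage, after sourcing this file:
#   chmod 600 examples/cloud-credentials examples/01-velero-secret.patch.yaml
#   check_velero_secrets /tmp/velero-plugin-1.0.0
```

Once the Secret has been created and patched in the later steps, the copies under /tmp are no longer needed and can be deleted.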

Step 3 — Installing the Velero Server

A Velero installation consists of a number of Kubernetes objects that all work together to create, schedule, and manage backups. The velero executable that you just downloaded can generate and install these objects for you. The velero install command will perform the preliminary set-up steps to get your cluster ready for backups. Specifically, it will:

  • Create a velero Namespace.

  • Add the velero Service Account.

  • Configure role-based access control (RBAC) rules to grant permissions to the velero Service Account.

  • Install Custom Resource Definitions (CRDs) for the Velero-specific resources: Backup, Schedule, Restore, Config.

  • Register Velero Plugins to manage Block snapshots and Spaces storage.

We will run the velero install command with some non-default configuration options. Specifically, you will need to edit each of the following settings in the actual invocation of the command to match your Spaces configuration:

  • --bucket velero-backups: Change the velero-backups value to match the name of your DigitalOcean Space. For example if you called your Space ‘backup-bucket’, the option would look like this: --bucket backup-bucket

  • --backup-location-config s3Url=https://nyc3.digitaloceanspaces.com,region=nyc3: Change the URL and region to match your Space’s settings. Specifically, edit both nyc3 portions to match the region where your Space is hosted. For example, if your Space is hosted in the fra1 region, the line would look like this: --backup-location-config s3Url=https://fra1.digitaloceanspaces.com,region=fra1. The identifiers for regions are: nyc3, sfo2, sgp1, and fra1.

Once you are ready with the appropriate bucket and backup location settings, it is time to install Velero. Run the following command, substituting your values where required:

  • velero install \
      --provider velero.io/aws \
      --bucket velero-backups \
      --plugins velero/velero-plugin-for-aws:v1.0.0,digitalocean/velero-plugin:v1.0.0 \
      --backup-location-config s3Url=https://nyc3.digitaloceanspaces.com,region=nyc3 \
      --use-volume-snapshots=false \
      --secret-file=./examples/cloud-credentials

You should see the following output:

Output
CustomResourceDefinition/backups.velero.io: attempting to create resource
CustomResourceDefinition/backups.velero.io: created
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
CustomResourceDefinition/backupstoragelocations.velero.io: created
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
CustomResourceDefinition/deletebackuprequests.velero.io: created
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
CustomResourceDefinition/downloadrequests.velero.io: created
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
CustomResourceDefinition/podvolumebackups.velero.io: created
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
CustomResourceDefinition/podvolumerestores.velero.io: created
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
CustomResourceDefinition/resticrepositories.velero.io: created
CustomResourceDefinition/restores.velero.io: attempting to create resource
CustomResourceDefinition/restores.velero.io: created
CustomResourceDefinition/schedules.velero.io: attempting to create resource
CustomResourceDefinition/schedules.velero.io: created
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
CustomResourceDefinition/serverstatusrequests.velero.io: created
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
CustomResourceDefinition/volumesnapshotlocations.velero.io: created
Waiting for resources to be ready in cluster...
Namespace/velero: attempting to create resource
Namespace/velero: created
ClusterRoleBinding/velero: attempting to create resource
ClusterRoleBinding/velero: created
ServiceAccount/velero: attempting to create resource
ServiceAccount/velero: created
Secret/cloud-credentials: attempting to create resource
Secret/cloud-credentials: created
BackupStorageLocation/default: attempting to create resource
BackupStorageLocation/default: created
Deployment/velero: attempting to create resource
Deployment/velero: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.

You can watch the deployment logs using the kubectl command from the output. Once your deploy is ready, you can proceed to the next step, which is configuring the server. A successful deploy will look like this (with a different AGE column):

  • kubectl get deployment/velero --namespace velero

Output
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
velero   1/1     1            1           2m

At this point you have installed the server component of Velero into your Kubernetes cluster as a Deployment. You have also registered your Spaces keys with Velero using a Kubernetes Secret.

Note: You can specify the kubeconfig that the velero command line tool should use with the --kubeconfig flag. If you don’t use this flag, velero will check the KUBECONFIG environment variable and then fall back to the kubectl default (~/.kube/config).

Step 4 — Configuring snapshots

When we installed the Velero server, the option --use-volume-snapshots=false was part of the command. Since we want to take snapshots of the underlying block storage devices in our Kubernetes cluster, we need to tell Velero to use the correct plugin for DigitalOcean block storage.

Run the following command to enable the plugin and register it as the default snapshot provider:

  • velero snapshot-location create default --provider digitalocean.com/velero

You will see the following output:

Output
Snapshot volume location "default" configured successfully.

Step 5 — Adding an API token

In the previous step we created block storage and object storage objects in the Velero server. We’ve registered the digitalocean/velero-plugin:v1.0.0 plugin with the server, and installed our Spaces secret keys into the cluster.

The final step is patching the cloud-credentials Secret that we created earlier to use our DigitalOcean API token. Without this token the snapshot plugin will not be able to authenticate with the DigitalOcean API.

We could use the kubectl edit command to modify the Velero Deployment object with a reference to the API token. However, editing complex YAML objects by hand can be tedious and error prone. Instead, we’ll use the kubectl patch command since Kubernetes supports patching objects. Let’s take a quick look at the contents of the patch files that we’ll apply.

The first patch file is the examples/01-velero-secret.patch.yaml file that you edited earlier. It is designed to add your API token to the secrets/cloud-credentials Secret that already contains your Spaces keys. cat the file:

  • cat examples/01-velero-secret.patch.yaml

It should look like this (with your token in place of the <DIGITALOCEAN_API_TOKEN> placeholder):

examples/01-velero-secret.patch.yaml
. . .
---
apiVersion: v1
kind: Secret
stringData:
  digitalocean_token: <DIGITALOCEAN_API_TOKEN>
type: Opaque

Now let’s look at the patch file for the Deployment:

  • cat examples/02-velero-deployment.patch.yaml

You should see the following YAML:

examples/02-velero-deployment.patch.yaml
. . .
---
apiVersion: v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - args:
        - server
        command:
        - /velero
        env:
        - name: DIGITALOCEAN_TOKEN
          valueFrom:
            secretKeyRef:
              key: digitalocean_token
              name: cloud-credentials
        name: velero

This file indicates that we’re patching a Deployment’s Pod spec that is called velero. Since this is a patch we do not need to specify an entire Kubernetes object spec or metadata. In this case the Velero Deployment is already configured using the cloud-credentials secret because the velero install command created it for us. So all that this patch needs to do is register the digitalocean_token as an environment variable with the already deployed Velero Pod.

Let’s apply the first Secret patch using the kubectl patch command:

  • kubectl patch secret/cloud-credentials -p "$(cat examples/01-velero-secret.patch.yaml)" --namespace velero

You should see the following output:

Output
secret/cloud-credentials patched

Finally we will patch the Deployment. Run the following command:

  • kubectl patch deployment/velero -p "$(cat examples/02-velero-deployment.patch.yaml)" --namespace velero

You will see the following if the patch is successful:

Output
deployment.apps/velero patched

Let’s verify the patched Deployment is working using kubectl get on the velero Namespace:

  • kubectl get deployment/velero --namespace velero

You should see the following output:

Output
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
velero   1/1     1            1           12s

At this point Velero is running and fully configured, and ready to back up and restore your Kubernetes cluster objects and Persistent Volumes to DigitalOcean Spaces and Block Storage.

In the next section, we’ll run a quick test to make sure that the backup and restore functionality works as expected.

Step 6 — Testing Backup and Restore Procedure

Now that we’ve successfully installed and configured Velero, we can create a test Nginx Deployment, with a Persistent Volume and Service. Once the Deployment is running we will run through a backup and restore drill to ensure that Velero is configured and working properly.

Ensure you are still working in the /tmp/velero-plugin-1.0.0 directory. The examples directory contains a sample Nginx manifest called nginx-example.yaml.

Open this file using your editor of choice:

  • nano examples/nginx-example.yaml

You should see the following text:

Output
. . .
---
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-example
  labels:
    app: nginx

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-logs
  namespace: nginx-example
  labels:
    app: nginx
spec:
  storageClassName: do-block-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
  namespace: nginx-example
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      volumes:
        - name: nginx-logs
          persistentVolumeClaim:
            claimName: nginx-logs
      containers:
      - image: nginx:stable
        name: nginx
        ports:
        - containerPort: 80
        volumeMounts:
          - mountPath: "/var/log/nginx"
            name: nginx-logs
            readOnly: false

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-svc
  namespace: nginx-example
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

In this file, we observe specs for:

  • An Nginx namespace called nginx-example

  • An Nginx Deployment consisting of a single replica of the nginx:stable container image

  • A 5Gi Persistent Volume Claim (called nginx-logs), using the do-block-storage StorageClass

  • A LoadBalancer Service that exposes port 80

Create the objects using kubectl apply:

  • kubectl apply -f examples/nginx-example.yaml

You should see the following output:

Output
namespace/nginx-example created
persistentvolumeclaim/nginx-logs created
deployment.apps/nginx-deploy created
service/nginx-svc created

Check that the Deployment succeeded:

  • kubectl get deployments --namespace=nginx-example

You should see the following output:

Output
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   1/1     1            1           1m23s

Once Available reaches 1, fetch the Nginx load balancer’s external IP using kubectl get:

  • kubectl get services --namespace=nginx-example

You should see both the internal CLUSTER-IP and EXTERNAL-IP for the my-nginx Service:

Output
NAME        TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)        AGE
nginx-svc   LoadBalancer   10.245.147.61   159.203.48.191   80:30232/TCP   3m1s

Note the EXTERNAL-IP and navigate to it using your web browser.

You should see the following NGINX welcome page:

This indicates that your Nginx Deployment and Service are up and running.

Before we simulate our disaster scenario, let’s first check the Nginx access logs (stored on a Persistent Volume attached to the Nginx Pod):

Fetch the Pod’s name using kubectl get:

  • kubectl get pods --namespace nginx-example

Output
NAME                            READY   STATUS    RESTARTS   AGE
nginx-deploy-694c85cdc8-vknsk   1/1     Running   0          4m14s

Now, exec into the running Nginx container to get a shell inside of it:

  • kubectl exec -it nginx-deploy-694c85cdc8-vknsk --namespace nginx-example -- /bin/bash

Once inside the Nginx container, cat the Nginx access logs:

  • cat /var/log/nginx/access.log

You should see some Nginx access entries:

Output
10.244.0.119 - - [03/Jan/2020:04:43:04 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" "-"
10.244.0.119 - - [03/Jan/2020:04:43:04 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" "-"

Note these down (especially the timestamps), as we will use them to confirm the success of the restore procedure. Exit the pod:

  • exit

We can now perform the backup procedure to copy all nginx Kubernetes objects to Spaces and take a Snapshot of the Persistent Volume we created when deploying Nginx.

We’ll create a backup called nginx-backup using the velero command line client:

  • velero backup create nginx-backup --selector app=nginx

The --selector app=nginx instructs the Velero server to only back up Kubernetes objects with the app=nginx Label Selector.

You should see the following output:

Output
Backup request "nginx-backup" submitted successfully.
Run `velero backup describe nginx-backup` or `velero backup logs nginx-backup` for more details.

Running velero backup describe nginx-backup --details should provide the following output after a short delay:

Output
Name:         nginx-backup
Namespace:    velero
Labels:       velero.io/backup=nginx-backup
              velero.io/pv=pvc-6b7f63d7-752b-4537-9bb0-003bed9129ca
              velero.io/storage-location=default
Annotations:  <none>

Phase:  Completed

Namespaces:
  Included:  *
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  app=nginx

Storage Location:  default

Snapshot PVs:  auto

TTL:  720h0m0s

Hooks:  <none>

Backup Format Version:  1

Started:    2020-01-02 23:45:30 -0500 EST
Completed:  2020-01-02 23:45:34 -0500 EST

Expiration:  2020-02-01 23:45:30 -0500 EST

Resource List:
  apps/v1/Deployment:
    - nginx-example/nginx-deploy
  apps/v1/ReplicaSet:
    - nginx-example/nginx-deploy-694c85cdc8
  v1/Endpoints:
    - nginx-example/nginx-svc
  v1/Namespace:
    - nginx-example
  v1/PersistentVolume:
    - pvc-6b7f63d7-752b-4537-9bb0-003bed9129ca
  v1/PersistentVolumeClaim:
    - nginx-example/nginx-logs
  v1/Pod:
    - nginx-example/nginx-deploy-694c85cdc8-vknsk
  v1/Service:
    - nginx-example/nginx-svc

Persistent Volumes:
  pvc-6b7f63d7-752b-4537-9bb0-003bed9129ca:
    Snapshot ID:        dfe866cc-2de3-11ea-9ec0-0a58ac14e075
    Type:               ext4
    Availability Zone:
    IOPS:               <N/A>

This output indicates that nginx-backup completed successfully. The list of resources shows each of the Kubernetes objects that was included in the backup. The final section shows the PersistentVolume was also backed up using a filesystem snapshot.
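
The two things read off this output by eye, the Completed phase and a Snapshot ID for the Persistent Volume, can be checked mechanically. The following is an added example, not part of Velero or the plugin: it parses the text of velero backup describe --details from standard input. The function names are hypothetical and the embedded sample is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: assert on `velero backup describe NAME --details` output.
# Function names are hypothetical.

# backup_snapshot_report
# Reads the describe output on stdin, prints
#   phase=<Phase> pvs=<PersistentVolumes in Resource List> snapshots=<Snapshot IDs>
# and returns 0 only when the phase is Completed and every PersistentVolume in
# the Resource List has a non-empty Snapshot ID under "Persistent Volumes:".
backup_snapshot_report() {
    awk '
        /^Phase:/              { phase = $2 }
        /^Resource List:/      { section = "resources"; next }
        /^Persistent Volumes:/ { section = "volumes"; next }
        /^[^ \t]/              { section = ""; next }   # any other top-level key
        # Inside Resource List, an indented "kind:" line starts a new group.
        section == "resources" && /^[ \t]+[^- \t].*:[ \t]*$/ { kind = $1; next }
        section == "resources" && kind == "v1/PersistentVolume:" && /^[ \t]+- / { pvs++ }
        # A Snapshot ID line with no value has only two fields.
        section == "volumes" && /Snapshot ID:/ && NF >= 3 { snaps++ }
        END {
            printf "phase=%s pvs=%d snapshots=%d\n", phase, pvs, snaps
            exit !(phase == "Completed" && pvs == snaps)
        }
    '
}

# sample_describe: constructed sample, abbreviated from the output above.
sample_describe() {
    cat <<'EOF'
Name:         nginx-backup
Namespace:    velero

Phase:  Completed

Label selector:  app=nginx

Resource List:
  apps/v1/Deployment:
    - nginx-example/nginx-deploy
  v1/PersistentVolume:
    - pvc-6b7f63d7-752b-4537-9bb0-003bed9129ca
  v1/PersistentVolumeClaim:
    - nginx-example/nginx-logs

Persistent Volumes:
  pvc-6b7f63d7-752b-4537-9bb0-003bed9129ca:
    Snapshot ID:        dfe866cc-2de3-11ea-9ec0-0a58ac14e075
    Type:               ext4
    Availability Zone:
    IOPS:               <N/A>
EOF
}

# Against a live cluster:
#   velero backup describe nginx-backup --details | backup_snapshot_report
```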

To confirm from within the DigitalOcean Cloud Control Panel, navigate to the Space containing your Kubernetes backup files.

You should see a new directory called nginx-backup containing the Velero backup files.

Using the left-hand navigation bar, go to Images and then Snapshots. Within Snapshots, navigate to Volumes. You should see a Snapshot corresponding to the PVC listed in the above output.

We can now test the restore procedure.

Let’s first delete the nginx-example Namespace. This will delete everything in the Namespace, including the Load Balancer and Persistent Volume:

  • kubectl delete namespace nginx-example

Verify that you can no longer access Nginx at the Load Balancer endpoint, and that the nginx-example Deployment is no longer running:

  • kubectl get deployments --namespace=nginx-example

Output
No resources found in nginx-example namespace.

We can now perform the restore procedure, once again using the velero client:

  • velero restore create --from-backup nginx-backup

Here we use create to create a Velero Restore object from the nginx-backup object.

You should see the following output:

Output
Restore request "nginx-backup-20200102235032" submitted successfully.
Run `velero restore describe nginx-backup-20200102235032` or `velero restore logs nginx-backup-20200102235032` for more details.

Check the status of the restored Deployment:

  • kubectl get deployments --namespace=nginx-example

Output
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   1/1     1            1           58s

Check for the creation of a Persistent Volume:

  • kubectl get pvc --namespace=nginx-example

Output
NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS       AGE
nginx-logs   Bound    pvc-6b7f63d7-752b-4537-9bb0-003bed9129ca   5Gi        RWO            do-block-storage   75s

The restore also created a LoadBalancer. Sometimes the Service will be re-created with a new IP address. You will need to find the EXTERNAL-IP address again:

  • kubectl get services --namespace nginx-example

Output
NAME        TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)        AGE
nginx-svc   LoadBalancer   10.245.15.83   159.203.48.191   80:31217/TCP   97s

Navigate to the Nginx Service’s external IP once again to confirm that Nginx is up and running.

Finally, check the logs on the restored Persistent Volume to confirm that the log history has been preserved post-restore.

To do this, once again fetch the Pod’s name using kubectl get:

  • kubectl get pods --namespace nginx-example

Output
NAME                            READY   STATUS    RESTARTS   AGE
nginx-deploy-694c85cdc8-vknsk   1/1     Running   0          2m20s

Then exec into it:

  • kubectl exec -it nginx-deploy-694c85cdc8-vknsk --namespace nginx-example -- /bin/bash

Once inside the Nginx container, cat the Nginx access logs:

  • cat /var/log/nginx/access.log

Output
10.244.0.119 - - [03/Jan/2020:04:43:04 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" "-"
10.244.0.119 - - [03/Jan/2020:04:43:04 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" "-"

You should see the same pre-backup access attempts (note the timestamps), confirming that the Persistent Volume restore was successful. Note that there may be additional attempts in the logs if you visited the Nginx landing page after you performed the restore.
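
The comparison described above can be scripted so it does not rely on reading timestamps by eye. This is an added example, not part of the original tutorial: it assumes you saved the access log to a file before deleting the namespace and again after the restore (the function names and file names are hypothetical), and it confirms the restored log still begins with every pre-backup line while tolerating requests logged afterwards.

```shell
#!/usr/bin/env bash
# Added example. Succeeds only if the restored access log still starts with
# every line captured before the namespace was deleted.
# Returns 0 = history preserved, 1 = missing or altered, 2 = unreadable input.
log_history_preserved() {
    local pre="$1" post="$2" pre_n post_n bad
    if [ ! -r "$pre" ] || [ ! -r "$post" ]; then
        echo "ERROR: cannot read '$pre' or '$post'"; return 2
    fi
    # awk counts a final line even when it lacks a trailing newline.
    pre_n=$(awk 'END { print NR }' "$pre")
    post_n=$(awk 'END { print NR }' "$post")
    if [ "$pre_n" -eq 0 ]; then
        echo "FAIL: pre-backup log is empty, nothing to compare"; return 1
    fi
    if [ "$post_n" -lt "$pre_n" ]; then
        echo "FAIL: restored log has $post_n lines, expected at least $pre_n"; return 1
    fi
    # Compare only the first pre_n lines: anything after them is traffic
    # that arrived after the restore, which the tutorial says is expected.
    bad=$(awk 'NR == FNR { pre[FNR] = $0; n = FNR; next }
               FNR > n { exit }
               $0 != pre[FNR] { print FNR; exit }' "$pre" "$post")
    if [ -n "$bad" ]; then
        echo "FAIL: line $bad differs from the pre-backup log"; return 1
    fi
    echo "OK: $pre_n pre-backup lines intact, $((post_n - pre_n)) added after restore"
}

# Constructed sample data: the two log lines shown in the tutorial output,
# plus one made-up request that arrives after the restore.
write_samples() {
    local dir="$1"
    local ua='"Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" "-"'
    {
        printf '%s\n' "10.244.0.119 - - [03/Jan/2020:04:43:04 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" $ua"
        printf '%s\n' "10.244.0.119 - - [03/Jan/2020:04:43:04 +0000] \"GET /favicon.ico HTTP/1.1\" 404 153 \"-\" $ua"
    } > "$dir/pre-backup.log"
    cp "$dir/pre-backup.log" "$dir/post-restore.log"
    printf '%s\n' "10.244.0.119 - - [03/Jan/2020:05:10:00 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" $ua" \
        >> "$dir/post-restore.log"
    # A restore that came back without the first request (history lost).
    tail -n 1 "$dir/pre-backup.log" > "$dir/truncated.log"
}

SAMPLE_DIR=$(mktemp -d)
write_samples "$SAMPLE_DIR"
log_history_preserved "$SAMPLE_DIR/pre-backup.log" "$SAMPLE_DIR/post-restore.log"
```

On a real cluster, the two input files can be captured non-interactively with `kubectl exec <pod-name> --namespace nginx-example -- cat /var/log/nginx/access.log`, redirected to a local file once before the namespace is deleted and once after the restore.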

At this point, we’ve successfully backed up our Kubernetes objects to DigitalOcean Spaces, and our Persistent Volumes using Block Storage Volume Snapshots. We simulated a disaster scenario, and restored service to the test Nginx application.

Conclusion

In this guide we installed and configured the Velero Kubernetes backup tool on a DigitalOcean-based Kubernetes cluster. We configured the tool to back up Kubernetes objects to DigitalOcean Spaces, and back up Persistent Volumes using Block Storage Volume Snapshots.

Velero can also be used to schedule regular backups of your Kubernetes cluster for disaster recovery. To do this, you can use the velero schedule command. Velero can also be used to migrate resources from one cluster to another.

To learn more about DigitalOcean Spaces, consult the official Spaces documentation. To learn more about Block Storage Volumes, consult the Block Storage Volume documentation.

This tutorial builds on the README found in StackPointCloud’s ark-plugin-digitalocean GitHub repo.

Translated from: https://www.digitalocean.com/community/tutorials/how-to-back-up-and-restore-a-kubernetes-cluster-on-digitalocean-using-velero
