k8s minio_使用k10和带有minio的kanister变异Web钩子备份和还原k8

k8s minio

If you’ve just stumbled upon looking up for ways to backup and restore containerised stateful workload on Kubernetes, then I hope you won’t get disappointed. Before you delve into this more a word of caution this one is for specific use case not a typical one, that’s the reason of this blog.

如果您只是偶然发现了在Kubernetes上备份和还原容器化有状态工作负载的方法，那么希望您不要失望。 在深入研究之前，请谨慎使用，这是针对特定用例而不是典型的用例，这就是此博客的原因。

Here I am going to show you how to deploy a simple stateful MySQL POD deployment and injecting some data and give you intricacies and details of using Kasten and Kanister with screenshots and commands which will help you understand how it woks and try it yourselves like DIY.

在这里，我将向您展示如何部署一个简单的有状态MySQL POD部署并注入一些数据，并为您提供使用Kasten和Kanister的复杂性和详细信息以及屏幕截图和命令，这些信息将帮助您了解它的运行方式，并像DIY一样尝试一下。

I would highly recommend you have a look at my earlier blog on backup and restore of applications running on Kubernetes using Velero.

我强烈建议您浏览我以前的博客，该博客使用Velero备份和还原在Kubernetes上运行的应用程序。

There are glaring differences between how Velero and Kasten works in this space of backup and restore of Kubernetes applications. I don’t want to provide what those difference are or their pros or cons, because I guess that will bring in bias to the reader.

Velero和Kasten在Kubernetes应用程序的备份和还原空间中的工作方式之间存在明显差异。 我不想提供这些区别是什么或它们的优缺点，因为我想这会给读者带来偏见。

One thing you should know before you read on is that Kasten K10 Platform is proprietary and comes with license, though for smaller deployments it’s free, and they have different variants of pricing. But Kanister is an OpenSource project from Kasten(like Velero(heptio ark) is an Open Source project from VMware)

在继续阅读之前，您应该了解的一件事是，Kasten K10平台是专有的并带有许可证，尽管对于较小的部署，它是免费的，并且它们具有不同的定价方式。 但是Kanister是Kasten的开源项目(就像Velero(heptio ark)是VMware的开源项目一样)

What is Mutating Web Hooks?

什么是变异网钩？

For understanding this you’ll need to understand “Dynamic Admission Control” and what it is in Kubernetes.

为了理解这一点，您需要了解“动态准入控制”及其在Kubernetes中的含义。

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorised. […] Admission controllers may be “validating”, “mutating”, or both. Mutating controllers may modify the objects they admit; validating controllers may not. […] If any of the controllers in either phase reject the request, the entire request is rejected immediately and an error is returned to the end-user.

一个 接纳控制器是一段代码之前拦截请求到Kubernetes API服务器到持久性的对象，但该请求被认证和授权之后。 […]准入控制器可能是“正在验证”，“正在变异”或两者兼而有之。 变异控制器可以修改其允许的对象； 验证控制器可能不会。 […]如果任一阶段中的任何控制器拒绝该请求，则整个请求将立即被拒绝，并且错误将返回给最终用户。

Many advanced features in Kubernetes require an admission controller to be enabled in order to properly support the feature. As a result, a Kubernetes API server that is not properly configured with the right set of admission controllers is an incomplete server and will not support all the features you expect. There are list of Admission Controllers and lot of features native to Kubernetes are done by the Admission Controllers.

Kubernetes中的许多高级功能都需要启用接纳控制器才能正确支持该功能。 因此，未正确配置正确的访问控制器集的Kubernetes API服务器是不完整的服务器，将不支持您期望的所有功能。 这里有准入控制器列表，而Kubernetes固有的许多功能都是由准入控制器完成的。

Webhooks

网络挂钩

MutatingAdmissionWebhook and ValidatingAdmissionWebhook are the ones used here. If you want to read more about MutatingAdmissionWebhook there is nicely written blog by Alex Leonhardt on this topic.

这里使用MutatingAdmissionWebhook和ValidatingAdmissionWebhook。 如果您想了解有关MutatingAdmissionWebhook的更多信息，请参阅Alex Leonhardt撰写的有关该主题的精美博客 。

There are different use cases for MutatingAdmissionWebhook, one among them is for injecting Sidecar into your workload or application. K10 implements a Mutating Webhook Server which mutates workload objects by injecting a Kanister sidecar into the workload when the workload is created(Read more..)

MutatingAdmissionWebhook有多种用例，其中一种是将Sidecar注入您的工作负载或应用程序中。 K10实现了一个可变Webhook服务器，该服务器通过在创建工作负载时将Kanister边车注入工作负载来使工作负载对象发生变化( 阅读更多.. )

The Kubernetes cluster I am using is IBM Cloud IKS and my workload runs in this managed service platform. As of today the underlying storage provider used in IKS doesn’t support K10 so the route it takes to overcome that limitatio