用 k8up 把 PVC 備份到 S3
摘要:apiVersion: backup.appuio.ch/v1alpha1 kind: Restore metadata: name: restore2pvc namespace: default spec: backend: repoPasswordSecretRef: key: password name: backup s3: accessKeyIDSecretRef: key: token name: s3secret bucket: dustise endpoint: https://s3.amazonaws.com secretAccessKeySecretRef: key: key name: s3secret restoreMethod: folder: claimName: restore。k8up 會選擇命名空間中註解爲 appuio.ch/backup: "true" 的 PVC 進行備份,我們用下文的工作負載生成兩個 PVC,運行起來之後,兩個 PVC 分別掛載到容器的 /data1 和 /data2 目錄中,可以登錄到 Pod,在其中生成文件:。
k8up
是一個基於 Restic
的備份工具,可以一次性的或者週期性的把指定的 PVC 備份到 S3 協議的對象存儲上去,備份內容還可以使用 Restic 恢復到 S3 或者 PVC 上。除了 PVC,後續還可以用命令的方式,例如 mysqldump
,把數據庫等內容備份出來。
安裝和初始化
Helm 安裝即可:
helm repo add appuio https://charts.appuio.ch helm repo update helm install appuio/k8up
安裝過程會生成一系列的 CRD,會在後續步驟中使用。
後續過程中需要兩個 Secret,分別用來加密備份和訪問 S3:
$ kubectl create secret generic s3secret --from-literal token=[hidden] \
--from-literal key=[hidden]
secret/s3secret created
$ kubectl create secret generic backup --from-literal password=PassW0rd
secret/backup created
備份 PVC
k8up 會選擇命名空間中註解爲 appuio.ch/backup: "true"
的 PVC 進行備份,我們用下文的工作負載生成兩個 PVC,運行起來之後,兩個 PVC 分別掛載到容器的 /data1
和 /data2
目錄中,可以登錄到 Pod,在其中生成文件:
$ kubectl exec -it debugger-7b8f654484-hrcg9 bash bash-4.4# echo "Hello world" > /data/data.txt
創建一次性任務:
apiVersion: backup.appuio.ch/v1alpha1
kind: Backup
metadata:
name: backup-now
spec:
keepJobs: 4
backend:
repoPasswordSecretRef:
name: backup
key: password
s3:
endpoint: https://s3.amazonaws.com
bucket: dustise
accessKeyIDSecretRef:
name: s3secret
key: token
secretAccessKeySecretRef:
name: s3secret
key: key
查看 Pod 日誌:
$ kubectl logs -f k8up-1578112449-84d7d4d6cc-q6qsh 2020/01/04 14:30:10 [INFO] New backup job received backup-now in namespace default 2020/01/04 14:30:10 [INFO] Listing all PVCs with annotation appuio.ch/backup in namespace default 2020/01/04 14:30:10 [INFO] Adding data to list ... 2020/01/04 14:30:29 [INFO] default/backupjob-1578148210 is running 2020/01/04 14:30:37 [INFO] default/backupjob-1578148210 finished successfully
兩個卷的備份均已完成,查看 S3 的情況:
$ s3cmd la
DIR s3://dustise/data/
DIR s3://dustise/index/
DIR s3://dustise/keys/
DIR s3://dustise/snapshots/
2020-01-04 14:30 155 s3://dustise/config
發現已經初始化了一個備份結構。
還原
備份成功之後,我們希望還原一下,看看備份的內容。
新建一個 PVC 用作還原目標:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: restore
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
創建一個還原命令:
apiVersion: backup.appuio.ch/v1alpha1
kind: Restore
metadata:
name: restore2pvc
namespace: default
spec:
backend:
repoPasswordSecretRef:
key: password
name: backup
s3:
accessKeyIDSecretRef:
key: token
name: s3secret
bucket: dustise
endpoint: https://s3.amazonaws.com
secretAccessKeySecretRef:
key: key
name: s3secret
restoreMethod:
folder:
claimName: restore
查看運行日誌:
$ kubectl logs -f k8up-1578112449-84d7d4d6cc-q6qsh 2020/01/04 14:43:45 [INFO] Received restore job restore-now in namespace default 2020/01/04 14:43:45 [INFO] default/restorejob-1578149025 is running 2020/01/04 14:43:45 [INFO] default/restorejob-1578149025 is running 2020/01/04 14:43:59 [INFO] default/restorejob-1578149025 is running 2020/01/04 14:44:15 [INFO] default/restorejob-1578149025 finished successfully
查看該卷內容,會發現其中有一個 data/data
目錄,包含了我們的備份內容。
附錄
連接
-
https://k8up.io/ -
https://github.com/restic/restic
源碼
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: debugger
name: debugger
spec:
replicas: 1
selector:
matchLabels:
app: debugger
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: debugger
spec:
containers:
- image: dustise/sleep
name: sleep
resources: {}
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: data
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: data
annotations:
appuio.ch/backup: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
