Velero部署及测试

1. 安装

#从gitlab下载安装二进制包解压，在k8s master上执行
./velero install \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:v1.9.2 \
  --bucket velero-backups \
  --secret-file ./user-minio \
  --use-volume-snapshots=false \
  --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.100.93:9002 \
  --use-node-agent \
  --default-volumes-to-fs-backup \
  --namespace velero
#需要注意minio 端口，velero-plugin-for-aws:v1.9.2版本需要根据集群版本修改，参考gitlab，
# user-minio文件内容，minio的用户密码
[default]
aws_access_key_id=admin
aws_secret_access_key=admin123456

2.卸载

# 完全卸载
./velero uninstall --force
kubectl delete namespace velero
sleep 20

3.备份

# 创建包含默认命名空间的测试备份
./velero backup create first-test-backup --include-namespaces default --wait

# 或者备份整个集群（排除系统命名空间）
./velero backup create full-test-backup \
  --exclude-namespaces kube-system,kube-public,kube-node-lease \
  --wait
# 列出所有备份
./velero backup get

# 查看备份详情
./velero backup describe first-test-backup

# 查看备份日志
./velero backup logs first-test-backup
# 查看备份中的资源
./velero backup describe first-test-backup --details

# 检查备份文件是否写入到 MinIO
[root@master velero-v1.13.2-linux-amd64]# aws configure set aws_access_key_id admin
[root@master velero-v1.13.2-linux-amd64]# aws configure set aws_secret_access_key admin123456
[root@master velero-v1.13.2-linux-amd64]# aws configure set region us-east-1
[root@master velero-v1.13.2-linux-amd64]# aws configure set s3.endpoint_url http://192.168.100.93:9002
[root@master velero-v1.13.2-linux-amd64]# aws configure set s3.path_style true
aws --endpoint-url http://192.168.100.93:9002 s3 ls s3://velero-backups/backups/full-test-backup/

4. 测试恢复功能

# 创建测试命名空间用于恢复测试
kubectl create namespace velero-test

# 在测试命名空间创建一些资源
kubectl create deployment nginx --image=nginx:latest -n velero-test
kubectl create configmap test-config --from-literal=key=value -n velero-test

# 备份测试命名空间
./velero backup create restore-test --include-namespaces velero-test --wait

# 删除测试命名空间（模拟灾难）
kubectl delete namespace velero-test

# 从备份恢复
./velero restore create --from-backup restore-test test-restore --wait

# 验证恢复
kubectl get all -n velero-test

5.测试带有pvc存储的恢复

#创建一个pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx-pvc-velero
  namespace: velero-test
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nas-nfs
# 创建deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-velero-test
  namespace: velero-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-velero-test
  template:
    metadata:
      labels:
        app: nginx-velero-test
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-data
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-data
        persistentVolumeClaim:
          claimName: nginx-pvc-velero
#进入pod
kubectl exec -it -n velero-test nginx-velero-test-7db9c44fd5-kpqch -- bash
#写入index.html
echo "Hello Velero" > /usr/share/nginx/html/index.html
#备份velero-test整个集群
velero backup create nginx-backup-ns \
  --include-namespaces velero-test \
  --default-volumes-to-fs-backup
#删除namespace
kubectl delete ns velero-test
#恢复namespace
velero restore create --from-backup nginx-backup-ns
#查看index.html 文件及pod pvc是否恢复成功