1. I use MinIO as the object store, started with Docker.
Remember the MinIO username and password set here; Velero needs them later.
[root@localhost ~]# docker run -p 9000:9000 -p 9001:9001 --name minio1 -v ~/minio/data:/data -e "MINIO_ROOT_USER=admin" -e "MINIO_ROOT_PASSWORD=adminminio" quay.io/minio/minio server /data --console-address ":9001"
After MinIO is deployed, create a bucket in it.
2. Deploy Velero.
wget https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
tar xvf velero-v1.8.1-linux-amd64.tar.gz
cp velero-v1.8.1-linux-amd64/velero /usr/local/bin/
velero --help
3. Set up the working directory for the Velero credentials.
mkdir /data/velero -p && cd /data/velero
4. Create the credentials file. The username and password here are the MinIO username and password.
vim velero-auth.txt
[default]
aws_access_key_id = admin
aws_secret_access_key = adminminio
5. Prepare the user CSR file.
vim awsuser-csr.json
{
  "CN": "awsuser",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZHou",
      "L": "HangZHou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
6. Prepare the certificate signing tools. You can download them from GitHub and then upload them to the host.
https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
mv cfssl-certinfo_1.6.1_linux_amd64 cfssl-certinfo
mv cfssl_1.6.1_linux_amd64 cfssl
mv cfssljson_1.6.1_linux_amd64 cfssljson
cp cfssl-certinfo cfssl cfssljson /usr/local/bin/
chmod a+x /usr/local/bin/cfssl*
7. Issue the certificate. The ca and ca-key paths here are the certificate directory used when the Kubernetes cluster was installed; change them to match your own directory.
/usr/local/bin/cfssl gencert -ca=/etc/kubernetes/pki/ca.crt -ca-key=/etc/kubernetes/pki/ca.key -profile=kubernetes ./awsuser-csr.json | cfssljson -bare awsuser
8. Check the generated certificate files.
ll awsuser*
-rw-r--r-- 1 root root  220 Apr 14 12:29 awsuser-csr.json
-rw------- 1 root root 1679 Apr 14 12:30 awsuser-key.pem
-rw-r--r-- 1 root root  997 Apr 14 12:30 awsuser.csr
-rw-r--r-- 1 root root 1387 Apr 14 12:30 awsuser.pem
9. Copy the certificate and key to the API server certificate directory.
cp awsuser-key.pem /etc/kubernetes/pki/
cp awsuser.pem /etc/kubernetes/pki/
10. Generate the cluster kubeconfig file.
export KUBE_APISERVER="https://10.0.0.11:6443"
kubectl config set-cluster kubernetes \
--certificate-authority=/etc/kubernetes/pki/ca.crt \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=./awsuser.kubeconfig
11. Set the client certificate credentials. The key path is the directory the key was copied to in step 9.
kubectl config set-credentials awsuser --client-certificate=/etc/kubernetes/pki/awsuser.pem --client-key=/etc/kubernetes/pki/awsuser-key.pem --embed-certs=true --kubeconfig=./awsuser.kubeconfig
12. Set the context parameters.
kubectl config set-context kubernetes --cluster=kubernetes --user=awsuser --namespace=velero-system --kubeconfig=./awsuser.kubeconfig
13. Set the default context.
kubectl config use-context kubernetes --kubeconfig=awsuser.kubeconfig
14. Create the awsuser account in the Kubernetes cluster by binding the user awsuser to the cluster-admin ClusterRole.
kubectl create clusterrolebinding awsuser --clusterrole=cluster-admin --user=awsuser
15. Create the namespace.
kubectl create ns velero-system
16. Run the installation. The bucket is the one created in MinIO; the s3Url at the end is the MinIO storage address, so replace it with your own.
velero --kubeconfig ./awsuser.kubeconfig \
install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.3.1 \
--bucket velerodata \
--secret-file ./velero-auth.txt \
--use-volume-snapshots=false \
--namespace velero-system \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://10.0.0.251:9000
17. Verify the installation by checking that the pod is running.
[root@master01 ~]# kubectl get pods -n velero-system
NAME                     READY   STATUS    RESTARTS   AGE
velero-f7c9588d7-7jmpj   1/1     Running   0          80m
18. Velero ships an example nginx pod for testing; create it and back it up.
[root@master01 ~]# kubectl apply -f /usr/local/src/velero-v1.8.1-linux-amd64/examples/nginx-app/base.yaml
Backup:
[root@master01 velero]# DATE=`date +%Y%m%d%H%M%S`
[root@master01 velero]# velero backup create nginx-ns-backup-${DATE} --include-namespaces nginx-example --kubeconfig=./awsuser.kubeconfig --namespace velero-system
# I name the backup by timestamp here.
# nginx-ns-backup-${DATE}: name of the backup
# --include-namespaces: namespace to back up
# --namespace: namespace Velero runs in
After the backup completes, it is visible in the MinIO bucket.
19. Delete the pod and test the restore.
kubectl delete -n nginx-example deployment nginx-deployment
Restore:
velero restore create --from-backup nginx-ns-backup-20220421122457 --wait --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Check whether the pod was restored:
kubectl get pods -n nginx-example
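An added example, not part of the original post: a shell check that can be run after step 8 to confirm the issued certificate will authenticate as the user bound in step 14. The function name check_client_cert and its return codes are assumptions; it needs openssl and GNU stat.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post.
# Kubernetes maps a client certificate's CN to the user name and each O to a
# group, so the certificate must say CN=awsuser for the binding in step 14.
# Usage (paths from the post):
#   check_client_cert awsuser.pem awsuser-key.pem /etc/kubernetes/pki/ca.crt awsuser
check_client_cert() {
  local cert="$1" key="$2" ca="$3" want_cn="$4" subject cn orgs mode

  # 1. The API server only trusts client certificates that chain to its CA.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert does not chain to $ca"; return 1; }

  # 2. The private key must match the certificate's public key.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
    || { echo "FAIL: $key does not match $cert"; return 2; }

  # 3. Read CN by field name; a plain text match on "CN" would also hit the
  #    country value C=CN used in awsuser-csr.json.
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline)
  cn=$(printf '%s\n' "$subject" | awk -F' = ' '/^ *commonName / {print $2}')
  [ "$cn" = "$want_cn" ] \
    || { echo "FAIL: CN is '$cn', expected '$want_cn'"; return 3; }

  # 4. O values become groups; system:masters would bypass RBAC entirely.
  orgs=$(printf '%s\n' "$subject" \
    | awk -F' = ' '/^ *organizationName / {print $2}' | paste -sd, -)
  case ",$orgs," in
    *,system:masters,*) echo "FAIL: certificate is in system:masters"; return 4 ;;
  esac

  # 5. The key is a cluster credential: readable by its owner only.
  mode=$(stat -c %a "$key")
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: $key has mode $mode, expected 600"; return 5 ;;
  esac

  echo "OK: user=$cn groups=${orgs:-none}"
}
```

The same file-mode concern applies to awsuser.kubeconfig and velero-auth.txt, since --embed-certs=true writes the private key into the kubeconfig.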



