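# Backup and Restore

[Velero](https://velero.io/) is an open-source tool that provides backup, migration, and disaster recovery for Kubernetes clusters and persistent volumes.

## Installation

Download the latest stable release from <https://github.com/heptio/velero/releases>.

Using Azure as an example, installing Velero takes the following steps:

(1) Create a storage account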

```bash
AZURE_BACKUP_RESOURCE_GROUP=Velero_Backups
az group create -n $AZURE_BACKUP_RESOURCE_GROUP --location WestUS

AZURE_STORAGE_ACCOUNT_ID="velero$(uuidgen | cut -d '-' -f5 | tr '[A-Z]' '[a-z]')"
az storage account create \
    --name $AZURE_STORAGE_ACCOUNT_ID \
    --resource-group $AZURE_BACKUP_RESOURCE_GROUP \
    --sku Standard_GRS \
    --encryption-services blob \
    --https-only true \
    --kind BlobStorage \
    --access-tier Hot

BLOB_CONTAINER=velero
az storage container create -n $BLOB_CONTAINER --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID
```

(2) Create a service principal

```bash
AZURE_RESOURCE_GROUP=<NAME_OF_RESOURCE_GROUP>
AZURE_SUBSCRIPTION_ID=`az account list --query '[?isDefault].id' -o tsv`
AZURE_TENANT_ID=`az account list --query '[?isDefault].tenantId' -o tsv`
AZURE_CLIENT_SECRET=`az ad sp create-for-rbac --name "velero" --role "Contributor" --query 'password' -o tsv`
AZURE_CLIENT_ID=`az ad sp list --display-name "velero" --query '[0].appId' -o tsv`

cat << EOF  > ./credentials-velero
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
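EOF
# The file holds the client secret in plain text: restrict it to the current user.
chmod 600 ./credentials-velero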
```

(3) Start Velero

```bash
velero install \
    --provider azure \
    --bucket $BLOB_CONTAINER \
    --secret-file ./credentials-velero \
    --backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID \
    --snapshot-location-config apiTimeout=<YOUR_TIMEOUT>
```
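
The `credentials-velero` file written in step (2) contains the service principal's client secret in plain text, and an `az` command that fails leaves an empty value in it. The following pre-flight check is an added example, not part of the original page or of Velero; the function name `check_velero_credentials` is hypothetical. It verifies that the file is readable only by its owner and that all five keys are set.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the credentials file from step (2).
# check_velero_credentials is a hypothetical helper, not a Velero command.
# Usage: check_velero_credentials ./credentials-velero && velero install ...

check_velero_credentials() {
    local file="$1"
    local key value mode
    local rc=0

    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 1
    fi

    # The file contains AZURE_CLIENT_SECRET, so only the owner may read it.
    # GNU stat takes -c, BSD/macOS stat takes -f.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "insecure mode $mode on $file (expected 600)" >&2; rc=1 ;;
    esac

    # Every key written by the heredoc must be present and non-empty.
    for key in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID \
               AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP; do
        value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
        if [ -z "$value" ]; then
            echo "empty or missing key: $key" >&2
            rc=1
        fi
    done

    return "$rc"
}
```

Once `velero install` has stored the credentials as a secret in the cluster, the local file can be deleted.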

## Backup

Create a scheduled backup:

```bash
velero schedule create <SCHEDULE NAME> --schedule "0 7 * * *"
```

## Disaster Recovery

```bash
# Update your backup storage location to read-only mode 
kubectl patch backupstoragelocation <STORAGE LOCATION NAME> \
    --namespace velero \
    --type merge \
    --patch '{"spec":{"accessMode":"ReadOnly"}}'

# Create a restore with your most recent Velero Backup
velero restore create --from-backup <SCHEDULE NAME>-<TIMESTAMP>

# When ready, revert your backup storage location to read-write mode
kubectl patch backupstoragelocation <STORAGE LOCATION NAME> \
    --namespace velero \
    --type merge \
    --patch '{"spec":{"accessMode":"ReadWrite"}}'
```

## Migration

First, create a backup in cluster 1 (the default TTL is 30 days; use `--ttl` to change it):

```bash
velero backup create <BACKUP-NAME>
```

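Next, configure BackupStorageLocations and VolumeSnapshotLocations for cluster 2 so that they point to the same backup and snapshot locations as cluster 1, and make sure the BackupStorageLocations are read-only (use `--access-mode=ReadOnly`). Then wait a moment (the default sync interval is 1 minute) for the Backup object to be created.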

```bash
# The default sync interval is 1 minute, so make sure to wait before checking.
# You can configure this interval with the --backup-sync-period flag to the Velero server.
velero backup describe <BACKUP-NAME>
```

Finally, restore the data:

```bash
velero restore create --from-backup <BACKUP-NAME>
velero restore get
velero restore describe <RESTORE-NAME-FROM-GET-COMMAND>
```

## References

* <https://velero.io/>

