[AWS] EKS backup (velero)
Cloud_Park
2023. 5. 13. 18:53
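2023.05.13 - [Cloud/AWS] - [AWS] EKS EBS Snapshots
EBS snapshots have their place, but velero is what you use when you need a full cluster-level backup or a namespace-level backup.
Because velero also backs up the contents of PVs, its backup scope is wider than that of the EBS Snapshot feature; keep that in mind as we test it.
Reference (https://hanhorang31.github.io/post/pkos2-2-localstorage/)
Setup steps
1. Create the IAM user ID and key for S3 bucket access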
aws s3 mb s3://<bucket-name> --region ap-northeast-2
2. Add the policy
# Set the bucket variable
export BUCKET=<bucket-name>
# Create the IAM policy
cat > velero-policy.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::${BUCKET}/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::${BUCKET}"
]
}
]
}
EOF
# Attach the IAM policy
aws iam put-user-policy \
--user-name velero \
--policy-name velero \
--policy-document file://velero-policy.json
# Get the IAM user information
aws iam create-access-key --user-name velero
---------------------------------
{
"AccessKey": {
"UserName": "velero",
"AccessKeyId": "{ID}", # store as the ID in credentials-velero below
"Status": "Active",
"SecretAccessKey": "{KEY}", # store as the KEY in credentials-velero below
"CreateDate": "2023-03-16T04:31:23+00:00"
}
}
# Create credentials-velero and store the IAM information in it
cat << EOF > credentials-velero
[default]
aws_access_key_id=<AWS_ACCESS_KEY_ID>
aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
EOF
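An added example, not part of the original post: a pre-flight check for the two files created in step 2, to run before `aws iam put-user-policy` and `velero install`. It rejects a policy whose S3 ARNs do not name one concrete bucket (an empty `$BUCKET` when the heredoc runs renders `arn:aws:s3:::/*`) and a `credentials-velero` file that is readable by other users or still holds template placeholders; all function names are hypothetical.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Subset of the S3 bucket naming rules: 3-63 chars of lowercase letters, digits,
# dots and hyphens, beginning and ending with a letter or digit.
is_valid_bucket() (
  LC_ALL=C
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ] || exit 1
  case "$1" in
    *[!a-z0-9.-]*) exit 1 ;;          # rejects '*', '/', spaces, upper case
    [a-z0-9]*[a-z0-9]) exit 0 ;;
    *) exit 1 ;;
  esac
)

# Every S3 ARN in the rendered policy must name exactly one concrete bucket.
# "arn:aws:s3:::/*" names no bucket; "arn:aws:s3:::*/*" would cover all of them.
check_velero_policy() {
  arns=$(grep -o 'arn:aws:s3:::[^"]*' "$1") || {
    echo "$1: no S3 ARN found" >&2; return 1; }
  rc=0
  while IFS= read -r arn; do
    bucket=${arn#arn:aws:s3:::}       # drop the ARN prefix
    bucket=${bucket%%/*}              # drop the object path, if any
    is_valid_bucket "$bucket" || { echo "bad S3 resource: $arn" >&2; rc=1; }
  done <<EOF
$arns
EOF
  return "$rc"
}

# credentials-velero holds a long-lived secret key: require owner-only mode,
# both keys present, and no placeholder left over from the template.
check_credentials_file() {
  [ -f "$1" ] || { echo "$1: missing" >&2; return 1; }
  perms=$(ls -ld -- "$1" | cut -c1-10)
  case "$perms" in
    -rw-------|-r--------) ;;
    *) echo "$1: mode $perms, expected owner-only (chmod 600)" >&2; return 1 ;;
  esac
  grep -q '^aws_access_key_id=..*' "$1" &&
    grep -q '^aws_secret_access_key=..*' "$1" || {
      echo "$1: key id or secret missing" >&2; return 1; }
  if grep -q '[<>{}]' "$1"; then
    echo "$1: placeholder still present" >&2; return 1
  fi
}

# Usage: check_velero_policy velero-policy.json && check_credentials_file credentials-velero
```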
3. Install velero (check which version is current at the time you install and use that one.)
# Check the architecture
uname -m
---------------------------------
x86_64
# Install the velero CLI
wget https://github.com/vmware-tanzu/velero/releases/download/v1.9.6/velero-v1.9.6-linux-amd64.tar.gz
tar xzvf velero-v1.9.6-linux-amd64.tar.gz
cp velero-v1.9.6-linux-amd64/velero ~/bin
# Verify the CLI
velero
---------------------------------
Velero is a tool for managing disaster recovery, specifically for Kubernetes
cluster resources. It provides a simple, configurable, and operationally robust
way to back up your application state and associated data.
If you're familiar with kubectl, Velero supports a similar model, allowing you to
execute commands such as 'velero get backup' and 'velero create schedule'. The same
operations can also be performed as 'velero backup get' and 'velero schedule create'.
export BUCKET=<bucket-name>
export REGION=ap-northeast-2
velero install \
--provider aws \
--bucket $BUCKET \
--secret-file ./credentials-velero \
--backup-location-config region=$REGION \
--use-volume-snapshots=false \
--plugins velero/velero-plugin-for-aws:v1.3.0 \
--use-restic
---------------------------------
...
Deployment/velero: created
DaemonSet/restic: attempting to create resource
DaemonSet/restic: attempting to create resource client
DaemonSet/restic: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero' to view the status.
# Verify Velero
kubectl get all -n velero
NAME READY STATUS RESTARTS AGE
pod/restic-f5ngz 1/1 Running 0 38s
pod/restic-x9sk9 1/1 Running 0 37s
pod/velero-5f6657d4c8-jttxv 1/1 Running 0 38s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/restic 2 2 2 2 2 <none> 38s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/velero 1/1 1 1 38s
NAME DESIRED CURRENT READY AGE
replicaset.apps/velero-5f6657d4c8 1 1 1 38s
...
4. Backup
To back up a pod's data, you need to register an annotation on the pod.
# Add an annotation: attach the volume information to the pod
kubectl annotate pod/mysql-0 backup.velero.io/backup-volumes=data
# Back up
velero backup create mysql --include-namespaces default --wait
---------------------------------
Backup request "mysql" submitted successfully.
Waiting for backup to complete. You may safely press ctrl-c to stop waiting - your backup will continue in the background.
..................
Backup completed with status: Completed. You may check for more information using the commands `velero backup describe mysql` and `velero backup logs mysql`.
# Check the backup list
velero get backup
---------------------------------
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
mysql Completed 0 0 2023-03-16 14:22:39 +0900 KST 29d default <none>
Restore
# Delete mysql
kubectl delete -f ./
kubectl delete pvc/<PVC volume>
# Restore with velero
velero restore create --from-backup mysql --wait
---------------------------------
Restore request "mysql-20230316155542" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.
...........
Restore completed with status: Completed. You may check for more information using the commands `velero restore describe mysql-20230316155542` and `velero restore logs mysql-20230316155542`.
# Verify that the Kubernetes resources were restored
kubectl get all
---------------------------------
NAME READY STATUS RESTARTS AGE
pod/mysql-0 2/2 Running 0 39s
pod/mysql-1 0/2 Init:CrashLoopBackOff 2 (18s ago) 39s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 100.64.0.1 <none> 443/TCP 4h39m
service/mysql ClusterIP None <none> 3306/TCP 39s
service/mysql-read ClusterIP 100.69.52.194 <none> 3306/TCP 39s
kubectl get pv
---------------------------------
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-601b919a-cf20-4478-9f28-10d541c66844 10Gi RWO Delete Bound default/data-mysql-0 local-path 71s
pvc-b8a766a6-411f-47df-a548-d6b0ee091ea1 10Gi RWO Delete Bound default/data-mysql-1 local-path 70s
# Check the MySQL data
kubectl exec -it pod/mysql-0 -- /bin/bash
---------------------------------
Defaulted container "mysql" out of: mysql, xtrabackup, restic-wait (init), init-mysql (init), clone-mysql (init)
bash-4.2# mysql -u root -p
---------------------------------
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 73
Server version: 5.7.41-log MySQL Community Server (GPL)
mysql> use testdb;
---------------------------------
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
---------------------------------
mysql> select * from test;
+------+--------------------+
| name | testdata |
+------+--------------------+
| han | mysql example test |
+------+--------------------+
1 row in set (0.01 sec)
Adding a schedule
velero schedule create mysql-crontab --include-namespaces default --schedule="*/5 * *
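Considerations when restoring
Migration is done at the filesystem level.
Restoring to a lower version is not possible.
When migrating, compatibility of items such as CRDs must be checked in advance.
Depending on the CSP, migration between regions is not possible. (AWS, Azure)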