First, install Velero in the EKS cluster.
NAME    NAMESPACE  REVISION  UPDATED                                  STATUS    CHART         APP VERSION
velero  velero     1         2024-08-19 06:23:06.226760291 +0000 UTC  deployed  velero-7.1.5  1.14.0
Helm chart repository URL:
https://vmware-tanzu.github.io/helm-charts/
[ Velero repo images ]
docker.io/velero/velero (for a container):
- The main Velero application image.
- Provides Velero's core functionality: backup, restore, and snapshotting of Kubernetes cluster data.
docker.io/velero/velero-plugin-for-aws (for an init container):
- The plugin image for AWS.
- Provides the AWS integration Velero needs to back up data to an AWS S3 bucket and to manage EBS volume snapshots.
The Velero application is deployed with the velero Helm chart using the two images above.
Other values specified at deployment:
the S3 bucket name for storing Velero backups, the S3 region, the name of the Velero backup storage location to create, and the Velero service account (EKS) with an IAM role
Because the restore was cross-account (a backup taken in account A restored in account B), an IAM role was mapped to the Velero service account.
# example
Name:         velero-service-account
Namespace:    velero
Labels:       app.kubernetes.io/instance=velero
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=velero
              helm.sh/chart=velero-7.1.5
Annotations:  eks.amazonaws.com/role-arn: arn:aws:iam::<account id>:role/blahblah-velero-role
              meta.helm.sh/release-name: velero
              meta.helm.sh/release-namespace: velero
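
The deployment values listed above, rendered as Helm values for the vmware-tanzu/velero chart (an added example, not the author's own values file). The bucket, region, account id and plugin tag are constructed placeholders, and credentials.useSecret: false assumes the pod gets its AWS permissions only from the annotated role.

```shell
#!/bin/sh
# Added example: render Helm values for the settings listed above.
# Key names follow the vmware-tanzu/velero chart; argument values are placeholders.

# render_values BUCKET REGION BSL_NAME VSL_NAME ROLE_ARN PLUGIN_TAG
render_values() {
    # Refuse anything that is not an IAM role ARN, so a typo or an unfilled
    # placeholder is caught before deployment.
    printf '%s\n' "$5" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$' ||
        { echo "not an IAM role ARN: $5" >&2; return 1; }
    cat <<EOF
configuration:
  backupStorageLocation:
    - name: $3
      provider: aws
      bucket: $1
      config:
        region: $2
  volumeSnapshotLocation:
    - name: $4
      provider: aws
      config:
        region: $2
credentials:
  useSecret: false   # no static AWS keys; the pod uses the role below (IRSA)
serviceAccount:
  server:
    create: true
    name: velero-service-account
    annotations:
      eks.amazonaws.com/role-arn: $5
initContainers:
  - name: velero-plugin-for-aws
    image: docker.io/velero/velero-plugin-for-aws:$6
    volumeMounts:
      - mountPath: /target
        name: plugins
EOF
}

# Constructed arguments; 111122223333 is a documentation-style account id.
render_values example-bucket ap-northeast-2 my-backup-location-name \
    my-volume-snapshot-location \
    arn:aws:iam::111122223333:role/blahblah-velero-role '<plugin-tag>'
```

Redirect the output to a file and pass it to helm with -f when installing the chart.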
Next, install the velero CLI.
Official documentation: https://velero.io/docs/v1.10/basic-install/#install-the-cli:~:text=a%20Windows%20node.-,Install%20the%20CLI,choco%20install%20velero,-Install%20and%20configure
Install the CLI
Option 1: MacOS - Homebrew
On macOS, you can use Homebrew to install the velero client:
brew install velero
Option 2: GitHub release
Download the latest release’s tarball for your client platform. Extract the tarball:
tar -xvf <RELEASE-TARBALL-NAME>.tar.gz
Move the extracted velero binary to somewhere in your $PATH (/usr/local/bin for most users).
Option 3: Windows - Chocolatey
On Windows, you can use Chocolatey to install the velero client:
choco install velero
After installation, create a backup with the velero CLI.
velero backup create my-eksbackup-2400112233 --storage-location my-backup-location-name --volume-snapshot-locations my-volume-snapshot-location
# You can check the backup status with the commands below.
velero backup describe my-eksbackup-2400112233
velero backup logs my-eksbackup-2400112233
velero backup get
velero backup-location get # or kubectl get backupstoragelocation -n velero
If everything is healthy, backup-location get shows the PHASE as available.
To restore from the backup you created, use the restore commands below.
velero restore create --from-backup my-eksbackup-2400112233
velero restore logs <restored backup name>
velero restore describe <restored backup name>
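
The status checks above can be turned into a gate that runs before velero restore create. This is an added example, not part of the original post; it parses the table output of velero backup get and velero backup-location get, and the two tables embedded here are constructed samples.

```shell
#!/bin/sh
# Added example: decide from velero's table output whether a restore may start.
# The two tables below are constructed samples, not output from a real cluster.

# column_of NAME COL: read a velero table on stdin, print column COL of row NAME.
column_of() {
    awk -v name="$1" -v col="$2" \
        'NR > 1 && $1 == name { print $col; found = 1 } END { exit(found ? 0 : 1) }'
}

# restore_ready BACKUP BSL BACKUP_TABLE BSL_TABLE
# Succeeds only if the location is Available and the backup is Completed,
# has zero errors, and is stored in that location.
restore_ready() {
    phase=$(printf '%s\n' "$4" | column_of "$2" 4) ||
        { echo "backup location $2 not found"; return 1; }
    [ "$phase" = "Available" ] ||
        { echo "backup location $2 is $phase"; return 1; }
    status=$(printf '%s\n' "$3" | column_of "$1" 2) ||
        { echo "backup $1 not found"; return 1; }
    errors=$(printf '%s\n' "$3" | column_of "$1" 3)
    stored=$(printf '%s\n' "$3" | column_of "$1" 10)   # after the 4-token CREATED date
    [ "$status" = "Completed" ] && [ "$errors" = "0" ] ||
        { echo "backup $1 is $status with $errors errors"; return 1; }
    [ "$stored" = "$2" ] ||
        { echo "backup $1 is stored in $stored, not $2"; return 1; }
    echo "ok: velero restore create --from-backup $1"
}

LOCATIONS='NAME                      PROVIDER   BUCKET/PREFIX    PHASE         LAST VALIDATED                  ACCESS MODE   DEFAULT
my-backup-location-name   aws        example-bucket   Available     2024-08-19 06:30:00 +0000 UTC   ReadWrite     true
stale-location            aws        old-bucket       Unavailable   2024-08-19 06:30:00 +0000 UTC   ReadWrite     false'

BACKUPS='NAME                      STATUS            ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION          SELECTOR
my-eksbackup-2400112233   Completed         0        0          2024-08-19 06:40:00 +0000 UTC   29d       my-backup-location-name   <none>
broken-backup             PartiallyFailed   2        0          2024-08-19 07:00:00 +0000 UTC   29d       my-backup-location-name   <none>'

restore_ready my-eksbackup-2400112233 my-backup-location-name "$BACKUPS" "$LOCATIONS"
restore_ready broken-backup my-backup-location-name "$BACKUPS" "$LOCATIONS" || true
```

Against a live cluster, pass "$(velero backup get)" and "$(velero backup-location get)" as the third and fourth arguments.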
Check the supported command options in advance so that you do not enter a command in an unsupported form.
velero backup create [command] help:
Usage:
velero backup create NAME [flags]
Examples:
# Create a backup containing all resources.
velero backup create backup1
# Create a backup including only the nginx namespace.
velero backup create nginx-backup --include-namespaces nginx
# Create a backup excluding the velero and default namespaces.
velero backup create backup2 --exclude-namespaces velero,default
# Create a backup based on a schedule named daily-backup.
velero backup create --from-schedule daily-backup
# View the YAML for a backup that doesn't snapshot volumes, without sending it to the server.
velero backup create backup3 --snapshot-volumes=false -o yaml
# Wait for a backup to complete before returning from the command.
velero backup create backup4 --wait
Flags:
--csi-snapshot-timeout duration How long to wait for CSI snapshot creation before timeout.
--data-mover string Specify the data mover to be used by the backup. If the parameter is not set or set as 'velero', the built-in data mover will be used
--default-volumes-to-fs-backup optionalBool[=true] Use pod volume file system backup by default for volumes
--exclude-cluster-scoped-resources stringArray Cluster-scoped resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io(use '*' for all resources). Cannot work with include-resources, exclude-resources and include-cluster-resources.
--exclude-namespace-scoped-resources stringArray Namespaced resources to exclude from the backup, formatted as resource.group, such as deployments.apps(use '*' for all resources). Cannot work with include-resources, exclude-resources and include-cluster-resources.
--exclude-namespaces stringArray Namespaces to exclude from the backup.
--exclude-resources stringArray Resources to exclude from the backup, formatted as resource.group, such as storageclasses.storage.k8s.io. Cannot work with include-cluster-scoped-resources, exclude-cluster-scoped-resources, include-namespace-scoped-resources and exclude-namespace-scoped-resources.
--from-schedule string Create a backup from the template of an existing schedule. Cannot be used with any other filters. Backup name is optional if used.
-h, --help help for create
--include-cluster-resources optionalBool[=true] Include cluster-scoped resources in the backup. Cannot work with include-cluster-scoped-resources, exclude-cluster-scoped-resources, include-namespace-scoped-resources and exclude-namespace-scoped-resources.
--include-cluster-scoped-resources stringArray Cluster-scoped resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io(use '*' for all resources). Cannot work with include-resources, exclude-resources and include-cluster-resources.
--include-namespace-scoped-resources stringArray Namespaced resources to include in the backup, formatted as resource.group, such as deployments.apps(use '*' for all resources). Cannot work with include-resources, exclude-resources and include-cluster-resources.
--include-namespaces stringArray Namespaces to include in the backup (use '*' for all namespaces). (default *)
--include-resources stringArray Resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use '*' for all resources). Cannot work with include-cluster-scoped-resources, exclude-cluster-scoped-resources, include-namespace-scoped-resources and exclude-namespace-scoped-resources.
--item-operation-timeout duration How long to wait for async plugin operations before timeout.
-L, --label-columns stringArray Accepts a comma separated list of labels that are going to be presented as columns. Names are case-sensitive. You can also use multiple flag options like -L label1 -L label2...
--labels mapStringString Labels to apply to the backup.
--or-selector orLabelSelector Backup resources matching at least one of the label selector from the list. Label selectors should be separated by ' or '. For example, foo=bar or app=nginx
--ordered-resources string Mapping Kinds to an ordered list of specific resources of that Kind. Resource names are separated by commas and their names are in format 'namespace/resourcename'. For cluster scope resource, simply use resource name. Key-value pairs in the mapping are separated by semi-colon. Example: 'pods=ns1/pod1,ns1/pod2;persistentvolumeclaims=ns1/pvc4,ns1/pvc8'. Optional.
-o, --output string Output display format. For create commands, display the object but do not send it to the server. Valid formats are 'table', 'json', and 'yaml'. 'table' is not valid for the install command.
--parallel-files-upload int Number of files uploads simultaneously when running a backup. This is only applicable for the kopia uploader
--resource-policies-configmap string Reference to the resource policies configmap that backup using
-l, --selector labelSelector Only back up resources matching this label selector. (default <none>)
--show-labels Show labels in the last column
--snapshot-move-data optionalBool[=true] Specify whether snapshot data should be moved
--snapshot-volumes optionalBool[=true] Take snapshots of PersistentVolumes as part of the backup. If the parameter is not set, it is treated as setting to 'true'.
--storage-location string Location in which to store the backup.
--ttl duration How long before the backup can be garbage collected.
--volume-snapshot-locations strings List of locations (at most one per provider) where volume snapshots should be stored.
-w, --wait Wait for the operation to complete.
Global Flags:
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--colorized optionalBool Show colored output in TTY. Overrides 'colorized' value from $HOME/.config/velero/config.json if present. Enabled by default
--features stringArray Comma-separated list of features to enable for this Velero process. Combines with values from $HOME/.config/velero/config.json if present
--kubeconfig string Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
--kubecontext string The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
-n, --namespace string The namespace in which Velero should operate (default "velero")
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
velero backup-location [command] help:
Usage:
velero backup-location [command]
Available Commands:
create Create a backup storage location
delete Delete backup storage locations
get Get backup storage locations
set Set specific features for a backup storage location
Flags:
-h, --help help for backup-location
Global Flags:
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--colorized optionalBool Show colored output in TTY. Overrides 'colorized' value from $HOME/.config/velero/config.json if present. Enabled by default
--features stringArray Comma-separated list of features to enable for this Velero process. Combines with values from $HOME/.config/velero/config.json if present
--kubeconfig string Path to the kubeconfig file to use to talk to the Kubernetes apiserver. If unset, try the environment variable KUBECONFIG, as well as in-cluster configuration
--kubecontext string The context to use to talk to the Kubernetes apiserver. If unset defaults to whatever your current-context is (kubectl config current-context)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
-n, --namespace string The namespace in which Velero should operate (default "velero")
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging