doc-exports/docs/cce/umn/cce_bestpractice_0310.html
2023-06-20 14:52:27 +00:00


<a name="cce_bestpractice_0310"></a><a name="cce_bestpractice_0310"></a>
<h1 class="topictitle1">Installing the Migration Tool</h1>
<div id="body0000001172022292"><p id="cce_bestpractice_0310__p3809931112915">Velero is an open-source backup and migration tool for Kubernetes clusters. It integrates the persistent volume (PV) data backup capability of the Restic tool and can be used to back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in the source cluster. Data in the PV mounted to the pod is backed up and uploaded to the object storage. When a disaster occurs or migration is required, the target cluster can use Velero to obtain the corresponding backup data from OBS and restore cluster resources as required.</p>
<p id="cce_bestpractice_0310__p1411654112223">According to <a href="cce_bestpractice_0307.html#cce_bestpractice_0307__section96147345128">Migration Solution</a>, you need to prepare temporary object storage to store backup files before the migration. Velero supports OBS or <strong id="cce_bestpractice_0310__b1312245414411"><a href="https://min.io/" target="_blank" rel="noopener noreferrer">MinIO</a></strong> as the object storage. OBS requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. You are advised to use OBS for backup. For details about how to deploy Velero, see <a href="#cce_bestpractice_0310__section138392220432">Installing Velero</a>.</p>
<div class="section" id="cce_bestpractice_0310__section359172610485"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_bestpractice_0310__ul6273183844819"><li id="cce_bestpractice_0310__li20273193884812">The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.</li><li id="cce_bestpractice_0310__li155136174411">If you use OBS to store backup files, you need to obtain the AK/SK of a user who has the right to operate OBS. For details, see <a href="https://docs.otc.t-systems.com/en-us/api/obs/obs_04_0116.html" target="_blank" rel="noopener noreferrer">Obtaining Access Keys (AK/SK)</a>.</li><li id="cce_bestpractice_0310__li1891954012534">If you use MinIO to store backup files, bind an EIP to the server where MinIO is installed and enable the API and console port of MinIO in the security group.</li><li id="cce_bestpractice_0310__li134135186499">The target CCE cluster has been created.</li><li id="cce_bestpractice_0310__li559517319329">The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GB memory or higher.</li></ul>
</div>
<div class="section" id="cce_bestpractice_0310__section181263714271"><h4 class="sectiontitle">Installing MinIO</h4><p id="cce_bestpractice_0310__p6796542102519">MinIO is an open-source, high-performance object storage tool compatible with the S3 API protocol. If MinIO is used to store backup files for cluster migration, you need a temporary server to deploy MinIO and provide services for external systems. If you use OBS to store backup files, skip this section and go to <a href="#cce_bestpractice_0310__section138392220432">Installing Velero</a>.</p>
<p id="cce_bestpractice_0310__p14624847191214">MinIO can be installed in any of the following locations:</p>
<ul id="cce_bestpractice_0310__ul3285524012"><li id="cce_bestpractice_0310__li206713119817">Temporary ECS outside the cluster<p id="cce_bestpractice_0310__p20732133911221"><a name="cce_bestpractice_0310__li206713119817"></a><a name="li206713119817"></a>If the MinIO server is installed outside the cluster, backup files will not be affected when a catastrophic fault occurs in the cluster.</p>
</li><li id="cce_bestpractice_0310__li1615322012011">Idle nodes in the cluster<div class="p" id="cce_bestpractice_0310__p148410843615"><a name="cce_bestpractice_0310__li1615322012011"></a><a name="li1615322012011"></a>You can remotely log in to a node to install the MinIO server or install MinIO in a container. For details, see the official Velero documentation at <a href="https://velero.io/docs/v1.7/contributions/minio/#set-up-server" target="_blank" rel="noopener noreferrer">https://velero.io/docs/v1.7/contributions/minio/#set-up-server</a>.<div class="notice" id="cce_bestpractice_0310__note22499214346"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="cce_bestpractice_0310__p1624972103415">If you install MinIO in a container, note the following:</p>
<ul id="cce_bestpractice_0310__ul324932183410"><li id="cce_bestpractice_0310__li162491925345">The storage type in the YAML file provided by Velero is <strong id="cce_bestpractice_0310__b1808122372315">emptyDir</strong>. You are advised to change the storage type to <strong id="cce_bestpractice_0310__b977341734114">HostPath</strong> or <strong id="cce_bestpractice_0310__b0798520144114">Local</strong>. Otherwise, backup files will be permanently lost after the container is restarted.</li><li id="cce_bestpractice_0310__li524918253414">Ensure that the MinIO service is accessible externally. Otherwise, backup files cannot be downloaded outside the cluster. You can change the Service type to NodePort or use other types of public network access Services.</li></ul>
</div></div>
</div>
</li></ul>
<p id="cce_bestpractice_0310__p188061459195317">Regardless of which deployment method is used, the server where MinIO is installed must have sufficient storage space, an EIP must be bound to the server, and the MinIO service port must be enabled in the security group. Otherwise, backup files cannot be uploaded or downloaded.</p>
<p id="cce_bestpractice_0310__p3891235918">In this example, MinIO is installed on a temporary ECS outside the cluster.</p>
<ol id="cce_bestpractice_0310__ol9501644134317"><li id="cce_bestpractice_0310__li2501124412437"><span>Download MinIO.</span><p><pre class="screen" id="cce_bestpractice_0310__screen7473102322915">mkdir /opt/minio
mkdir /opt/miniodata
cd /opt/minio
wget https://dl.minio.io/server/minio/release/linux-amd64/minio
chmod +x minio</pre>
</p></li><li id="cce_bestpractice_0310__li126129251432"><a name="cce_bestpractice_0310__li126129251432"></a><a name="li126129251432"></a><span>Set the username and password of MinIO.</span><p><div class="p" id="cce_bestpractice_0310__p129201130164311">The username and password set using this method are temporary environment variables and must be reset after the service is restarted. Otherwise, the default root credential <strong id="cce_bestpractice_0310__b692584013259">minioadmin:minioadmin</strong> will be used to create the service.<pre class="screen" id="cce_bestpractice_0310__screen203563619379">export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123</pre>
</div>
</p></li><li id="cce_bestpractice_0310__li11998181319215"><span>Create a service. In the command, <strong id="cce_bestpractice_0310__b6190111516260">/opt/miniodata/</strong> indicates the local disk path for MinIO to store data.</span><p><div class="p" id="cce_bestpractice_0310__p2772814105517">The default API port of MinIO is 9000, and the console port is randomly generated. You can use the<strong id="cce_bestpractice_0310__b9701114135410"> --console-address</strong> parameter to specify a console port.<pre class="screen" id="cce_bestpractice_0310__screen41261845123720">./minio server /opt/miniodata/ <strong id="cce_bestpractice_0310__b2067953905617">--console-address ":30840"</strong> &amp;</pre>
<div class="note" id="cce_bestpractice_0310__note599313216576"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_bestpractice_0310__p361815479536">Enable the API and console ports in the firewall and security group on the server where MinIO is to be installed. Otherwise, access to the object bucket will fail.</p>
</div></div>
</div>
</p></li><li id="cce_bestpractice_0310__li679315587507"><span>Use a browser to access http://{<em id="cce_bestpractice_0310__i2387183555417">EIP of the node where MinIO resides</em>}:30840. The MinIO console page is displayed.</span></li></ol>
</div>
<div class="section" id="cce_bestpractice_0310__section138392220432"><a name="cce_bestpractice_0310__section138392220432"></a><a name="section138392220432"></a><h4 class="sectiontitle">Installing Velero</h4><p id="cce_bestpractice_0310__p1288219132619">Go to the OBS console or MinIO console and create a bucket named <strong id="cce_bestpractice_0310__b48824918262">velero</strong> to store backup files. You can customize the bucket name, but the same name must be used when installing Velero. Otherwise, the bucket cannot be accessed and the backup fails. For details, see <a href="#cce_bestpractice_0310__li1722825643415">4</a>.</p>
<div class="notice" id="cce_bestpractice_0310__note3130637171311"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><ul id="cce_bestpractice_0310__ul18878113412459"><li id="cce_bestpractice_0310__li14878113410458">Velero instances need to be installed and deployed in both the <strong id="cce_bestpractice_0310__b66513418511">source and target clusters</strong>. The installation procedure is the same for both. The instance in the source cluster is used for backup, and the instance in the target cluster is used for restoration.</li><li id="cce_bestpractice_0310__li13878123434512">The master node of a CCE cluster does not provide a port for remote login. You can install Velero using kubectl.</li><li id="cce_bestpractice_0310__li086014434132">If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and Restic to 1 vCPU and 1 GB memory or higher. For details, see <a href="cce_bestpractice_0314.html#cce_bestpractice_0314__section321054511332">Backup Tool Resources Are Insufficient</a>.</li><li id="cce_bestpractice_0310__li371815153549">The object storage bucket for storing backup files must be <strong id="cce_bestpractice_0310__b925991915532">empty</strong>.</li></ul>
</div></div>
<p id="cce_bestpractice_0310__p23063528370">Download the latest, stable binary file from <a href="https://github.com/vmware-tanzu/velero/releases" target="_blank" rel="noopener noreferrer">https://github.com/vmware-tanzu/velero/releases</a>. This section uses Velero 1.7.0 as an example. The installation process in the source cluster is the same as that in the target cluster.</p>
<ol id="cce_bestpractice_0310__ol23917418811"><li id="cce_bestpractice_0310__li139941685"><span>Download the binary file of Velero 1.7.0.</span><p><pre class="screen" id="cce_bestpractice_0310__screen18999040171111">wget https://github.com/vmware-tanzu/velero/releases/download/v1.7.0/velero-v1.7.0-linux-amd64.tar.gz</pre>
</p></li><li id="cce_bestpractice_0310__li689617355117"><span>Install the Velero client.</span><p><pre class="screen" id="cce_bestpractice_0310__screen56461032153214">tar -xvf velero-v1.7.0-linux-amd64.tar.gz
cp ./velero-v1.7.0-linux-amd64/velero /usr/local/bin</pre>
</p></li><li id="cce_bestpractice_0310__li197871715322"><a name="cce_bestpractice_0310__li197871715322"></a><a name="li197871715322"></a><span>Create the access key file <strong id="cce_bestpractice_0310__b667315187332">credentials-velero</strong> for the backup object storage.</span><p><pre class="screen" id="cce_bestpractice_0310__screen349193683016">vim credentials-velero</pre>
<div class="p" id="cce_bestpractice_0310__p829284510217">Replace the AK/SK in the file based on the site requirements. If MinIO is used, the AK/SK are the username and password created in <a href="#cce_bestpractice_0310__li126129251432">2</a>.<pre class="screen" id="cce_bestpractice_0310__screen1785641615356">[default]
aws_access_key_id = {AK}
aws_secret_access_key = {SK}</pre>
</div>
</p></li><li id="cce_bestpractice_0310__li1722825643415"><a name="cce_bestpractice_0310__li1722825643415"></a><a name="li1722825643415"></a><span>Deploy the Velero server. Change the value of <strong id="cce_bestpractice_0310__b19564115842">--bucket</strong> to the name of the created object storage bucket. In this example, the bucket name is <strong id="cce_bestpractice_0310__b936516262045">velero</strong>. For more information about custom installation parameters, see <a href="https://velero.io/docs/v1.7/customize-installation/" target="_blank" rel="noopener noreferrer">Customize Velero Install</a>.</span><p><pre class="screen" id="cce_bestpractice_0310__screen456316020486">velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.2.1 \
<strong id="cce_bestpractice_0310__b14563170204817"> --bucket</strong> <strong id="cce_bestpractice_0310__b3564140114811">velero</strong> \
--secret-file ./credentials-velero \
<strong id="cce_bestpractice_0310__b17564170204811">--use-restic</strong> \
--use-volume-snapshots=false \
--backup-location-config <strong id="cce_bestpractice_0310__b1856418018483">region=eu-de</strong>,s3ForcePathStyle="true",s3Url=<strong id="cce_bestpractice_0310__b1656490114819">http://</strong><strong id="cce_bestpractice_0310__b434842745017">obs.eu-de.otc.t-systems.com</strong></pre>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_bestpractice_0310__table1298553205012" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Installation parameters of Velero</caption><thead align="left"><tr id="cce_bestpractice_0310__row49861632155012"><th align="left" class="cellrowborder" valign="top" width="20.11%" id="mcps1.3.5.5.4.2.2.2.3.1.1"><p id="cce_bestpractice_0310__p198612324502">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="79.89%" id="mcps1.3.5.5.4.2.2.2.3.1.2"><p id="cce_bestpractice_0310__p698683213500">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="cce_bestpractice_0310__row4986133285016"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p10986183225015">--provider</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p9986123216503">Vendor who provides the plug-in.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row6986173225015"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p1698619321505">--plugins</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p199861232175017">API component compatible with AWS S3. Both OBS and MinIO support the S3 protocol.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row17986103245013"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p1986113295017">--bucket</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p3986132165014">Name of the object storage bucket for storing backup files. The bucket must be created in advance.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row1298683216500"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p16986143213509">--secret-file</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p29861632135010">Secret file for accessing the object storage, that is, the <strong id="cce_bestpractice_0310__b1566251467">credentials-velero</strong> file created in <a href="#cce_bestpractice_0310__li197871715322">3</a>.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row17986732155016"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p1398613327503">--use-restic</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p1198613220502">Whether to use Restic to support PV data backup. You are advised to enable this function. Otherwise, storage volume resources cannot be backed up.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row16986193255013"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p5986632185017">--use-volume-snapshots</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p5986232135011">Whether to create the VolumeSnapshotLocation object for PV snapshot, which requires support from the snapshot program. Set this parameter to <strong id="cce_bestpractice_0310__b351510543617">false</strong>.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row123519155210"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p183529125217">--backup-location-config</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p2028718451307">OBS bucket configurations, including region, s3ForcePathStyle, and s3Url.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row185442375713"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p1654543717712">region</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p57281942191117">Region to which the object storage bucket belongs.</p>
<ul id="cce_bestpractice_0310__ul132912452113"><li id="cce_bestpractice_0310__li88571258191415">If OBS is used, set this parameter according to your region, for example, <strong id="cce_bestpractice_0310__b1534116269549">eu-de</strong>.</li><li id="cce_bestpractice_0310__li836215615116">If MinIO is used, set this parameter to <strong id="cce_bestpractice_0310__b08694591776">minio</strong>.</li></ul>
</td>
</tr>
<tr id="cce_bestpractice_0310__row188978428713"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p289784219712">s3ForcePathStyle</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p3897134213715">The value<strong id="cce_bestpractice_0310__b188221455816"> true</strong> indicates that the S3 file path format is used.</p>
</td>
</tr>
<tr id="cce_bestpractice_0310__row1623114013713"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.5.5.4.2.2.2.3.1.1 "><p id="cce_bestpractice_0310__p172318407712">s3Url</p>
</td>
<td class="cellrowborder" valign="top" width="79.89%" headers="mcps1.3.5.5.4.2.2.2.3.1.2 "><p id="cce_bestpractice_0310__p12252926151211">API access address of the object storage bucket.</p>
<ul id="cce_bestpractice_0310__ul19661627161215"><li id="cce_bestpractice_0310__li177014356503">If OBS is used, set this parameter to <strong id="cce_bestpractice_0310__b1613911313205">http://obs.{<em id="cce_bestpractice_0310__i1213931318208">region</em>}.otc.t-systems.com</strong> (<em id="cce_bestpractice_0310__i161399136202">region</em> indicates the region where the object storage bucket is located). For example, if the region is eu-de, the parameter value is <span class="parmvalue" id="cce_bestpractice_0310__parmvalue1649984092017"><b>http://obs.eu-de.otc.t-systems.com</b></span>.</li><li id="cce_bestpractice_0310__li6848734101211">If MinIO is used, set this parameter to <strong id="cce_bestpractice_0310__b1369418443498">http://{<em id="cce_bestpractice_0310__i93851949134913">EIP of the node where minio is located</em>}:9000</strong>. The value of this parameter is determined based on the IP address and port of the node where MinIO is installed.<div class="note" id="cce_bestpractice_0310__note12459531216"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_bestpractice_0310__ul367413691214"><li id="cce_bestpractice_0310__li067417617121">The access port in s3Url must be set to the API port of MinIO instead of the console port. The default API port of MinIO is 9000.</li><li id="cce_bestpractice_0310__li96748671210">To access MinIO installed outside the cluster, you need to enter the public IP address of MinIO.</li></ul>
</div></div>
</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="cce_bestpractice_0310__li1416185416018"><span>By default, a namespace named <strong id="cce_bestpractice_0310__b111206162522">velero</strong> is created for the Velero instance. Run the following command to view the pod status:</span><p><pre class="screen" id="cce_bestpractice_0310__screen11881501936">$ kubectl get pod -n velero
NAME READY STATUS RESTARTS AGE
restic-rn29c 1/1 Running 0 16s
velero-c9ddd56-tkzpk 1/1 Running 0 16s</pre>
<div class="note" id="cce_bestpractice_0310__note345023151715"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_bestpractice_0310__p845012371714">To prevent memory insufficiency during backup in the actual production environment, you are advised to change the CPU and memory allocated to Restic and Velero by referring to <a href="cce_bestpractice_0314.html#cce_bestpractice_0314__section321054511332">Backup Tool Resources Are Insufficient</a>.</p>
</div></div>
</p></li><li id="cce_bestpractice_0310__li12133141692317"><span>Check the interconnection between Velero and the object storage and ensure that the status is <strong id="cce_bestpractice_0310__b951210429164">Available</strong>.</span><p><pre class="screen" id="cce_bestpractice_0310__screen552335112113">$ velero backup-location get
NAME PROVIDER BUCKET/PREFIX PHASE LAST VALIDATED ACCESS MODE DEFAULT
default aws velero Available 2021-10-22 15:21:12 +0800 CST ReadWrite true</pre>
</p></li></ol>
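<p>The two credential steps above (step 2 of Installing MinIO and step 3 of Installing Velero) handled in one script. This is an added example, not part of the original documentation: it generates random root credentials in place of the sample <strong>minio</strong>/<strong>minio123</strong> values and writes both files with owner-only permissions. The function names, the <strong>minio.env</strong> file name and the 20-character password floor are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the minio.env
# file name and the 20-character floor are assumptions for illustration.

# gen_secret LEN: print LEN random characters from [A-Za-z0-9].
gen_secret() {
    gs_out=""
    while [ "${#gs_out}" -lt "$1" ]; do
        gs_out="$gs_out$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s' "$gs_out" | cut -c1-"$1"
}

# creds_acceptable USER PASS: fail on MinIO's built-in default, on the page's
# sample values, and on anything shorter than the assumed floor.
creds_acceptable() {
    case "$1:$2" in
        minioadmin:*|*:minioadmin|minio:minio123) return 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#2}" -ge 20 ]
}

# write_private FILE: store stdin in FILE with mode 0600 (owner read/write only).
write_private() {
    ( umask 077; cat > "$1" )
    chmod 600 "$1"    # tighten a file that already existed with wider permissions
}

# write_minio_env FILE USER PASS: file to source before running "./minio server".
write_minio_env() {
    printf "export MINIO_ROOT_USER='%s'\nexport MINIO_ROOT_PASSWORD='%s'\n" \
        "$2" "$3" | write_private "$1"
}

# write_velero_credentials FILE AK SK: the credentials-velero layout from step 3.
write_velero_credentials() {
    printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
        "$2" "$3" | write_private "$1"
}

# file_mode FILE: permission string as printed by ls, for example -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

# provision DIR: generate one credential pair, write both files, print no secret.
provision() {
    p_user="velero$(gen_secret 8)"
    p_pass="$(gen_secret 40)"
    creds_acceptable "$p_user" "$p_pass" || return 1
    write_minio_env "$1/minio.env" "$p_user" "$p_pass"
    write_velero_credentials "$1/credentials-velero" "$p_user" "$p_pass"
    echo "wrote $1/minio.env and $1/credentials-velero ($(file_mode "$1/credentials-velero"))"
}

# Run as: sh thisfile --run /opt/minio
# then ". /opt/minio/minio.env" in the shell that starts the MinIO server.
if [ "${1:-}" = "--run" ]; then provision "${2:-.}"; fi
```

<p>Sourcing <strong>minio.env</strong> before each start also avoids the fallback to <strong>minioadmin:minioadmin</strong> described in step 2. If OBS is used, only <strong>write_velero_credentials</strong> applies, with the AK/SK obtained from the console.</p>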
</div>
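<p>A check of the <strong>--backup-location-config</strong> value against the rules in Table 1, as an added example that is not part of the original documentation. <strong>lint_backup_location</strong>, <strong>cfg_get</strong> and the finding codes are hypothetical names, and the address 192.0.2.10 in the comments is a constructed sample.</p>

```shell
#!/bin/sh
# Added example, not from the original page. Function names and finding codes
# are hypothetical; the rules themselves come from Table 1.

# cfg_get KEY CONFIG: print the value of KEY in a comma-separated key=value list.
cfg_get() {
    printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^$1=//p" | tr -d '"' | head -n 1
}

# lint_backup_location CONFIG [CONSOLE_PORT]: print one finding code per line.
# CONSOLE_PORT is the value given to --console-address when MinIO was started.
lint_backup_location() {
    lb_region="$(cfg_get region "$1")"
    lb_style="$(cfg_get s3ForcePathStyle "$1")"
    lb_url="$(cfg_get s3Url "$1")"
    lb_console="${2:-}"

    [ -n "$lb_region" ] || echo "MISSING_REGION"
    [ "$lb_style" = "true" ] || echo "PATH_STYLE_NOT_TRUE"

    case "$lb_url" in
        "")        echo "MISSING_S3URL"; return 0 ;;
        https://*) ;;
        http://*)  echo "CLEARTEXT_HTTP" ;;   # requests and backup data are unencrypted in transit
        *)         echo "BAD_SCHEME" ;;
    esac

    # Extract the port, if any, from scheme://host[:port][/path].
    lb_hostport="${lb_url#*://}"
    lb_hostport="${lb_hostport%%/*}"
    case "$lb_hostport" in
        *:*) lb_port="${lb_hostport##*:}" ;;
        *)   lb_port="" ;;
    esac

    # Table 1: s3Url must point at the MinIO API port, not the console port.
    if [ -n "$lb_console" ] && [ "$lb_port" = "$lb_console" ]; then
        echo "S3URL_USES_CONSOLE_PORT"
    fi
    return 0
}

# Constructed sample:
#   sh thisfile --check 'region=minio,s3ForcePathStyle="true",s3Url=http://192.0.2.10:30840' 30840
# prints CLEARTEXT_HTTP and S3URL_USES_CONSOLE_PORT.
if [ "${1:-}" = "--check" ]; then lint_backup_location "${2:-}" "${3:-}"; fi
```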
</div>