After you register external Kubernetes clusters to Container Service for Kubernetes (ACK), you can use the backup center of ACK to back up applications and data in the clusters, and restore the backup files in ACK clusters. This topic describes how to use the backup center of ACK to migrate applications from external Kubernetes clusters to ACK clusters.
Prerequisites
A registered cluster is created and an external cluster whose Kubernetes version is later than 1.20 is registered to ACK by using the registered cluster. For more information, see Create a registered cluster in the ACK console.
An ACK cluster that is used to restore applications is deployed in the same region as the registered cluster, and the Kubernetes version of the cluster is later than 1.20. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.
The cluster backup feature is enabled for the registered cluster and the ACK cluster that you created. For more information, see Install migrate-controller and grant permissions.
A route is configured that points to the internal network of the region in which the Object Storage Service (OSS) bucket for the registered cluster resides if the cluster is connected to a virtual private cloud (VPC) by using Cloud Enterprise Network (CEN), Express Connect, or VPN connections. For more information, see Internal endpoints of OSS buckets and VIP ranges.
Hybrid Backup Recovery (HBR) is activated. For more information, see Cloud Backup.
Scenarios
Hybrid cloud data backup and disaster recovery: You need to back up data, restore backup files, and migrate applications and data to the cloud.
Usage notes
Before you back up the data in the external cluster, you must create persistent volumes (PVs) and persistent volume claims (PVCs) to mount local volumes to the cluster. The Container Storage Interface (CSI) plug-in provided by Alibaba Cloud allows you to mount volumes to registered clusters. For more information, see Overview.
The registered cluster, ACK cluster, and OSS bucket must be deployed in the same region.
Before you begin
In this example, a MySQL application that runs in an external cluster is backed up and then the backup file is restored in an ACK cluster. Before you migrate the application, you must make sure that the registered cluster and the ACK cluster are deployed in the same region and both have the cluster backup feature enabled. You must also make sure that the following conditions are met:
Registered cluster: A Resource Access Management (RAM) user is created and granted the permissions to access OSS and HBR. A Secret named alibaba-addon-secret is created in the csdr namespace of the registered cluster to store the AccessKey ID and AccessKey secret of the RAM user.
Run the following command to check whether the alibaba-addon-secret Secret exists:
kubectl get secret alibaba-addon-secret -n csdr
Expected output:
alibaba-addon-secret Opaque 2 5d22h
ACK cluster:
If you use an ACK managed cluster, make sure that HBR is activated and an OSS bucket named cnfs-oss-**** is created.
If you use an ACK dedicated cluster, make sure that the worker RAM role of the cluster has the permissions to access OSS and HBR. For more information, see Authorize an ACK dedicated cluster to access OSS and Authorize an ACK dedicated cluster or registered cluster to access HBR.
Step 1: Deploy an application in the external cluster
Run the following command to create a namespace named test1:
kubectl create namespace test1
Create a file named app-mysql.yaml and add the following content to the file.
Replace <your-hostname> with the name of the node that you want to back up. Set the username and password parameters to the Base64-encoded username and password that are used to log on to the application.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql-sts
  namespace: test1
spec:
  selector:
    matchLabels:
      app: mysql-sts
  serviceName: mysql-sts
  template:
    metadata:
      labels:
        app: mysql-sts
    spec:
      containers:
      - name: mysql-sts
        image: mysql:5.7
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: password
        ports:
        - containerPort: 3306 # MySQL listens on port 3306.
          name: mysql-sts
        volumeMounts:
        - name: mysql
          mountPath: /var/lib/mysql
      volumes:
      - name: mysql
        persistentVolumeClaim:
          claimName: example-pvc
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: example-pv
spec:
  capacity:
    storage: 100Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  local:
    path: /mnt/disk
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - <your-hostname> # Specify the name of the node that you want to back up.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-pvc
  namespace: test1
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 25Gi
  storageClassName: local-storage
  volumeName: example-pv
---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-pass
  namespace: test1
type: Opaque
data:
  username: dGVz**** # Replace the value with the Base64-encoded username that is used to log on to the MySQL application that you want to back up.
  password: dGVzdDEt**** # Replace the value with the Base64-encoded password that is used to log on to the MySQL application that you want to back up.
Run the following command to create a MySQL application, a PV, and a PVC. The PV and PVC are used to mount a local disk to the MySQL application.
kubectl create -f app-mysql.yaml
Expected output:
statefulset.apps/mysql-sts created
persistentvolume/example-pv created
persistentvolumeclaim/example-pvc created
secret/mysql-pass created
Run the following command to check whether the MySQL application is created:
kubectl get pod -n test1 | grep mysql-sts
Expected output:
mysql-sts-0 1/1 Running 1 (4m51s ago) 4m58s
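The username and password values in the mysql-pass Secret of app-mysql.yaml must be the Base64 encoding of the exact credential bytes. The following is an added example, not part of the original topic: it renders that Secret from plaintext and rejects encoded values that carry a trailing newline, which is the usual result of piping echo into base64. The function names and the demo credentials are constructed for illustration.

```bash
# Added example: helpers for the mysql-pass Secret used in app-mysql.yaml.
NL='
'
CR=$(printf '\r')

# Encode a value for a Secret "data" field. printf '%s' writes the bytes
# exactly; echo would append a newline that becomes part of the password.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Return 0 only if $1 is valid Base64, decodes to a non-empty value, and the
# decoded value does not end in LF or CR. The sentinel "x" is needed because
# command substitution strips trailing newlines.
secret_value_is_clean() {
  sv_dec=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf x) || return 1
  sv_dec=${sv_dec%x}
  [ -n "$sv_dec" ] || return 1
  case "$sv_dec" in
    *"$NL" | *"$CR") return 1 ;;
  esac
  return 0
}

# Print the Secret manifest. $1 = username, $2 = password (plaintext).
# Name and namespace match the manifest in this topic.
render_mysql_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysql-pass
  namespace: test1
type: Opaque
data:
  username: $(b64 "$1")
  password: $(b64 "$2")
EOF
}

# Constructed demo credentials, not real ones.
render_mysql_secret 'demo-user' 'demo-Passw0rd'
secret_value_is_clean "$(b64 'demo-Passw0rd')" && echo "password value is clean"
```

Base64 is an encoding, not encryption, so the rendered manifest is as sensitive as the plaintext credentials.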
Step 2: Back up the MySQL application and data in the external cluster
You can register the external cluster to ACK and then perform the backup operation in the registered cluster. To back up the MySQL application and data, perform the following operations:
Create a backup vault in the registered cluster. For more information, see Create a backup vault.
Create a backup task in the registered cluster to back up the MySQL application. For more information, see Create a backup task.
In the Create Backup Plan panel of the ACK console, set Name to MySQL, select the backup vault that you created in the previous step from the Backup Vaults drop-down list, and then select test1 from the Backup Namespaces drop-down list.
On the Backups and Snapshots tab, if the status of the MySQL backup task changes from InProgress to Completed, the MySQL application and data are backed up.
Step 3: Restore the backup file in the ACK cluster
In this example, the alibabacloud-cnfs-nas StorageClass is used to show how to restore the backup file of the MySQL application in the ACK cluster. Perform the following steps:
Create a snapshot for a volume that is included in the MySQL backup task in the ACK cluster. For more information, see Create snapshots for volumes of CNFS types.
On the Backups and Snapshots tab, if the status of the MySQL backup task changes from Completed to ConvertionCompleted, the snapshot is created.
Create a restoration task named mysql-restore to deploy the MySQL application in the test2 namespace of the ACK cluster. For more information, see Restore the application and volume.
In the Create Restoration Task panel, set Name to mysql-restore, select the backup vault that you created from the Backup Vaults drop-down list, and then select MySQL from the Select Backup drop-down list. Click Add to the right side of Reset Namespace, select test1, and then specify test2 in the field to the right side of the colon (:).
On the Restore tab, if the status of the mysql-restore restoration task changes from InProgress to Completed, the MySQL application and data are restored.
Run the following command in the ACK cluster to check whether the MySQL application is deployed:
kubectl get pod -n test2 | grep mysql-sts
Expected output:
mysql-sts-0 1/1 Running 0 4s
Run the following commands in the ACK cluster to check whether the data is restored.
Run the following command to check whether the StorageClass of the PVC is changed to alibabacloud-cnfs-nas:
kubectl get pvc -n test2 | grep example-pvc
Expected output:
example-pvc Bound nas-acde4acd-59b6-4332-90af-b74ef6****** 25Gi RWO alibabacloud-cnfs-nas 31m
Run the following command to check whether the example-pvc PVC is mounted to the MySQL application:
kubectl describe pvc example-pvc -n test2 | grep "Used By"
Expected output:
Used By: mysql-sts-0
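The PVC check above, extended to every PVC in the restored namespace, as an added example that is not part of the original topic. It reads the rows printed by kubectl get pvc -n test2 --no-headers and reports any PVC that is not Bound or is not on the expected StorageClass; the function name and the sample rows are constructed.

```bash
# Added example: post-restore PVC gate.
# stdin: rows from `kubectl get pvc -n <namespace> --no-headers`
# $1:    StorageClass expected after the restore
# Prints one line per problem; returns 1 if any problem is found.
check_restored_pvcs() {
  awk -v want="$1" '
    # Skip blank rows and the header row if --no-headers was omitted.
    NF < 2 || ($1 == "NAME" && $2 == "STATUS") { next }
    { seen++ }
    $2 != "Bound" {
      # Pending rows have empty VOLUME and CAPACITY columns, so only the
      # first two fields are reliable here.
      printf "%s: status %s, expected Bound\n", $1, $2
      bad++
      next
    }
    $6 != want {
      printf "%s: StorageClass %s, expected %s\n", $1, $6, want
      bad++
    }
    END {
      if (seen == 0) { print "no PVC rows on stdin"; exit 1 }
      exit (bad > 0 ? 1 : 0)
    }
  '
}

# Constructed sample rows: one restored PVC, one still Pending, and one that
# kept the source cluster's local-storage class.
SAMPLE_ROWS='example-pvc Bound nas-constructed-0001 25Gi RWO alibabacloud-cnfs-nas 31m
scratch-pvc Pending alibabacloud-cnfs-nas 5s
old-pvc Bound example-pv 25Gi RWO local-storage 2m'

printf '%s\n' "$SAMPLE_ROWS" | check_restored_pvcs alibabacloud-cnfs-nas \
  || echo "restore check failed"

# Live usage:
#   kubectl get pvc -n test2 --no-headers | check_restored_pvcs alibabacloud-cnfs-nas
```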