Back up and restore applications in an ACK cluster - Container Service for Kubernetes

You can use the backup center to back up and restore applications in Container Service for Kubernetes (ACK) clusters for disaster recovery.

Limits

When the backup center backs up applications, the resources that are being deleted are not backed up.
Only ACK clusters that run Kubernetes 1.16 or later support the backup center. For more information about how to update the Kubernetes version of an ACK cluster, see Manually upgrade ACK clusters.
By default, Elastic Compute Service (ECS) snapshots are created to back up disks. Only ACK clusters that run Kubernetes 1.18 or later and use CSI support ECS snapshots. If your cluster does not meet the requirement, use Cloud Backup.

Prerequisites

migrate-controller is installed and permissions are granted.
To create disk snapshots to back up volumes, you must install CSI 1.1.0 or later. For more information, see Manage the CSI plug-in.
To restore backups to File Storage NAS (NAS) volumes managed by CNFS (by setting StorageClass to alibabacloud-cnfs-nas), you need to create a StorageClass first. For more information, see Use CNFS to manage NAS file systems (recommended).

Billing

The backup center feature is free of charge. However, you may be charged for the following related services when you use the feature:

OSS: An OSS bucket is used to store backup files of the cluster, such as the related YAML files. For more information about the billing of OSS, see Billing.
Disk snapshot: Used to back up volumes that use Alibaba Cloud disks. For more information about the billing, see Snapshots.
Note
- Starting 11:00 (UTC+8) on October 12, 2023, you are no longer charged storage fees and feature usage fees for the instant access feature. For more information, see Use the instant access feature.
- If you use PL0 enhanced SSD (ESSD), PL1 ESSD, PL2 ESSD, PL3 ESSD, or ESSD AutoPL disks, snapshots created during backups have the instant access feature enabled by default.
Cloud Backup: Used to back up data from volume types other than disk volumes. You are charged for storage usage of container backup vaults created at the Cloud Backup side. For more information, see Price Details.

Step 1: Create a backup vault

When you back up applications in an ACK cluster, the backup files are stored in an Object Storage Service (OSS) bucket. If no backup vault is available when you create a backup task, you must perform the operations in Step 1.

Note

You need to create only one backup vault in the region of your ACK clusters. The ACK clusters can share the backup vault.
You cannot update existing backup vaults. Existing backup vaults can only be deleted. If you create a backup vault that has the same name as a deleted backup vault, the backup vault that you create cannot be used by clusters that have used the application backup feature.

Log on to the ACK console. In the left-side navigation pane, choose Multi-cluster > Backup Center.
On the Backup Center page, click Create Backup Vault.

In the Create Backup Vault panel, configure the parameters and click OK.

Parameter	Description
Vault Name	The name of the backup vault. The name can contain lowercase letters and digits.
OSS Bucket Region	The region where the OSS bucket that you want to use is deployed.
OSS Bucket Name	The name of the OSS bucket. If you use an ACK managed cluster, you need to create an OSS bucket before you perform this step. The OSS bucket must be named in the cnfs-oss**** format.
OSS Bucket Subdirectory	The subdirectory of the OSS bucket. This parameter is optional.
Visible Scope	The visibility of the backup vault to other users. Valid values: The backup vault is visible only to Alibaba Cloud accounts and the creator. The backup vault is visible to Alibaba Cloud accounts and RAM users.

Step 2: Create a backup plan or back up instantly

Create a backup plan: The system periodically creates backup tasks based on the backup cycle until the backup plan is deleted. You can specify a backup cycle to allow the system to create backup tasks at an interval or at a scheduled time of each day, week, or month.
Back up instantly: The system creates a backup task to back up applications at the current time.

When you create a backup plan or an instant backup plan, the system creates a backup task in the cluster. The status of the task is displayed on the Backup Records tab.

Create a backup plan

On the Clusters page, click the name of the cluster that you want to manage. In the left-side navigation pane, choose Operations > Application Backup.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. If you use a registered cluster or ACK dedicated cluster, you also need to configure permissions. For more information, see Install migrate-controller and grant permissions.

On the Application Backup page, click Create Backup Plan. In the Create Backup Plan panel, configure the parameters and click OK.

Parameter	Description
Name	The name of the backup plan. This parameter is required.
Backup Vault	Select the backup vault that you want to use. This parameter is required.
Backup Type	Application Backup: The system backs up applications that run in the cluster, including cluster resources and the volumes that are used by the applications. Data Protection: The system backs up volume data. The resources include only persistent volume claims (PVCs) and persistent volumes (PVs). For more information, see What are the scenarios for application backups and data protection?
Select Namespace	Include: The system backs up only the applications in the namespaces that are specified in Backup Namespace. If a selected namespace is deleted, the system skips the namespace during backup. Exclude: The system backs up the applications in all namespaces except the namespaces that are specified in Backup Namespaces. If a new namespace is created, the applications in the namespace are also backed up. Note You can configure Select Namespace only when you create a backup plan. The default value for instant backup plans is Include.
Backup Namespace	You can select one or more namespaces. This parameter is required. Note The kube-system, kube-publish, kube-node-lease, and csdr namespaces rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Backup Volume	If Backup Type is set to Application Backup, the following options are available for Backup Volume: Specify whether to back up data in volumes used by applications. Mounted Volumes: The current data is backed up to ECS snapshots or Cloud Backup. When you restore data, the system retrieves the backup data from ECS snapshots or Cloud Backup and restores the data to new disks or other underlying storage media. Disk volumes: By default, the system uses ECS snapshots to back up and restore data. Other types of volumes: The system uses Cloud Backup to back up and restore data. Disable: The system does not back up the data in the underlying storage media of volumes. When you restore data, the system restores only the YAML files. If you do not want to back up and restore volume-related resources, you can specify PVs and PVCs in excluded resources. For more information, see In which scenarios do I need to back up volumes in application backups? If Backup Type is set to Data Protection, the following options are available for Backup Volumes: Select the range of volumes that you want to back up. The volumes that meet the conditions are backed up regardless of whether they are mounted. All Volumes: The system backs up all volumes. Specified Types of Volumes: The system backs up volumes of the specified types. You must also configure the Storage parameter. Specified Volumes: The system backs up only the volumes that are specified by PVCs. You must also configure the Persistent Volume Claims parameter.
Storage	This parameter is valid only if Backup Type is set to Data Protection and Backup Volume is set to Specified Types of Volumes. Specify the types of volumes that you want to back up.
Persistent Volume Claims	This parameter is valid only if Backup Type is set to Data Protection and Backup Volume is set to Specified Volumes. Specify the volumes that you want to back up.
Backup Cycle	Enter a crontab expression. You need to specify a backup cycle only when you create a backup plan. For more information about how to specify a backup cycle, see How do I specify the backup cycle when I create a backup plan? You can use a Linux crontab expression or specify a backup interval.

View advanced settings

Parameter	Description
Specified Label	Specify a label. Applications that have this label are backed up. You can specify only one backup label.
Specified Resources	Specify one or more resource object names that are separated by commas (,). Example: `deploy, configmap`. Only the specified Kubernetes resources are backed up.
Excluded Resources	You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example: `pod, secret`. The excluded resources are not backed up.
Validity Period	The validity period of backups. Expired backups cannot be restored. Valid values: 1 to 65536. Unit: days.

What to do next

On the Backup Plans tab of the Application Backup page, you can click View Backup Records in the Actions column of a backup plan to view backup records. If the Status column displays Completed, backups are created.

On the Backup Plans tab of the Application Backup page, you can click Edit in the Actions column of a backup plan to modify the backup namespaces and backup cycle.

Back up instantly

On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Operations > Application Backup.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. If you use a registered cluster or ACK dedicated cluster, you also need to configure permissions. For more information, see Install migrate-controller and grant permissions.
On the Application Backup page, click Instant Backup. In the Instant Backup panel, configure parameters and click OK.

Parameter	Description
Name	The name of the instant backup task. This parameter is required.
Backup Vault	Select the backup vault that you want to use. This parameter is required.
Backup Type	Application Backup: The system backs up applications that run in the cluster, including cluster resources and the volumes that are used by the applications. Data Protection: The system backs up volume data. The resources include only persistent volume claims (PVCs) and persistent volumes (PVs). For more information, see What are the scenarios for application backups and data protection?
Backup Namespace	You can select one or more namespaces. This parameter is required. Note The kube-system, kube-publish, kube-node-lease, and csdr namespaces rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Backup Volume	If Backup Type is set to Application Backup, the following options are available for Backup Volume: Specify whether to back up data in volumes used by applications. Mounted Volumes: The current data is backed up to ECS snapshots or Cloud Backup. When you restore data, the system retrieves the backup data from ECS snapshots or Cloud Backup and restores the data to new disks or other underlying storage media. Disk volumes: By default, the system uses ECS snapshots to back up and restore data. Other types of volumes: The system uses Cloud Backup to back up and restore data. Disable: The system does not back up the data in the underlying storage media of volumes. When you restore data, the system restores only the YAML files. If you do not want to back up and restore volume-related resources, you can specify PVs and PVCs in excluded resources. For more information, see In which scenarios do I need to back up volumes in application backups? If Backup Type is set to Data Protection, the following options are available for Backup Volumes: Select the range of volumes that you want to back up. The volumes that meet the conditions are backed up regardless of whether they are mounted. All Volumes: The system backs up all volumes. Specified Types of Volumes: The system backs up volumes of the specified types. You must also configure the Storage parameter. Specified Volumes: The system backs up only the volumes that are specified by PVCs. You must also configure the Persistent Volume Claims parameter.
Storage	This parameter is valid only if Backup Type is set to Data Protection and Backup Volume is set to Specified Types of Volumes. Specify the types of volumes that you want to back up.
Persistent Volume Claims	This parameter is valid only if Backup Type is set to Data Protection and Backup Volume is set to Specified Volumes. Specify the volumes that you want to back up.

View advanced settings

Parameter	Description
Specified Label	Specify a label. Applications that have this label are backed up. You can specify only one backup label.
Specified Resources	Specify one or more resource object names that are separated by commas (,). Example: `deploy, configmap`. Only the specified Kubernetes resources are backed up.
Excluded Resources	You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example: `pod, secret`. The excluded resources are not backed up.
Validity Period	The validity period of backups. Expired backups cannot be restored. Valid values: 1 to 65536. Unit: days.

What to do next

On the Backup Plans tab of the Application Backup page, if the Status column of a backup record displays Completed, backups are created.

You can click Clone in the Actions column of a backup record to create a real-time backup task from the backup record.

Step 3: Restore applications and volumes

Important

The system does not overwrite existing resources in the cluster when it restores data. It restores only resources that do not exist in the cluster. If the cluster already contains resources that you want to restore, delete the existing resources before you perform the restoration.

On the Application Backup page, click Restore Instantly.

In the Restore Instantly panel, configure the parameters and click OK.

Parameter	Description
Name	The name of the restore task. The name can contain lowercase letters and digits.
Backup Vaults	Select the backup vault where backup files are stored. After you select a backup vault, click Initialize Backup Vault to associate the restore cluster with the backup vault. You need to associate a backup vault with a cluster only once. After the backup vault is initialized, you can select a backup file from the backup vault to restore data.
Select Backup	Select a backup file.
Restore Namespace	You can select one or more backup namespaces for restoration. If this parameter is not specified, a full restoration is performed. Note If the backup includes cluster-level resources, leave this field empty.
Reset Namespace	If you want to select backup files in other namespaces, click Add, select the namespace to which the backup files belong, and then specify the namespace to which the backup files are restored after the colon (:).
Reset Image Repository	To modify the image repository address used by the backup workload, click Add, enter the image repository address that you want to modify in the left textfield, and specify the new image repository address after the colon (:). For example: `docker.io/library : registry.cn-hangzhou.aliyuncs.com/xxx`. For more information, see FAQ about the backup center
StorageClass Conversion	The snapshot feature is renamed as StorageClass conversion. This feature can convert the StorageClasses of PVCs in volume backups. For example, your application uses NAS volumes. After you select the alicloud-disk StorageClass, the restored application uses disk volumes. Important You can convert only the StorageClasses of volumes of the FileSystem type (volumes other than disk volumes created by Cloud Backup). For ReadWriteMany volumes, recovery to a disk is not supported. For ReadOnlyMany volumes, when recovering to a disk, ensure that replicas are not simultaneously mounted on multiple nodes to avoid forced disk unmounting.

Verify that the related stateful or stateless application, volumes, and Services can be started and accessed as normal.
1. In the left-side navigation pane of the restore cluster management page, choose Workloads > Deployments.
2. Find the application and click Details in the Actions column.
  On the Pods tab, confirm that the status of the restored Deployment is Running.
3. In the left-side navigation pane of the details page, choose Volumes > Persistent Volume Claims.
  On the Persistent Volume Claims page, confirm that the PVCs are restored and displayed.
4. In the left-side navigation pane of the details page, choose Network > Services.
5. On the Services page, click the external endpoint of a Service to check whether the Service can be accessed.

Verify the results

Verify that the related stateful or stateless application, volumes, and Services can be started and accessed as normal.

In the left-side navigation pane of the restored cluster, choose Workloads > Deployments.
Find the application that you want to manage and click Details in the Actions column.
On the Pods tab, check whether Running is displayed in the Status column of the application.
In the left-side navigation pane, choose Volumes > Persistent Volume Claims.
On the Persistent Volume Claims page, you can view the restored PVCs.
In the left-side navigation pane, choose Network > Services.
On the Services page, click the external endpoint of the Service to check whether you can access the Service.

References

For more information about how to migrate applications across clusters that use different volume plug-ins or run different Kubernetes versions, see Use the backup center to migrate applications in an ACK cluster that runs an old Kubernetes version.
For more information about how to migrate applications cross clusters in the same region, see Migrate applications across clusters in the same region.
For more information about how to migrate applications across regions, see Migrate applications across clusters in different regions.
For more information about how to use kubectl to migrate applications, see Use kubectl to back up and restore applications.