The backup center lets you migrate applications and persistent data from a Kubernetes cluster on a third-party cloud to a Container Service for Kubernetes (ACK) cluster without manual re-deployment. The migration works by backing up workloads in a registered cluster and restoring them in ACK, with automatic StorageClass conversion to an Alibaba Cloud-native storage class.
This topic walks through a complete migration using a MySQL application as an example.
Limitations
Review these constraints before starting. Discovering them mid-migration can block progress.
- CSI plug-in required in the restore cluster. Clusters using FlexVolume, or using csi-compatible-controller with FlexVolume, do not support application restoration.
- Kubernetes version requirements. The source cluster must run Kubernetes 1.16 or later. The ACK restore cluster must run Kubernetes 1.18 or later.
- One-time vault association. Each backup vault can be associated with a restore cluster only once.
The registered cluster, ACK cluster, and OSS bucket must all be in the same region. Placing them in different regions causes backup and restore operations to fail.
How it works
- Connect your third-party Kubernetes cluster to a registered cluster in Alibaba Cloud Distributed Cloud Container Platform (ACK One).
- Run a backup task in the registered cluster to back up the application and its volumes to an Object Storage Service (OSS) bucket via Cloud Backup.
- Associate the backup vault with the target ACK cluster.
- Restore the application in the ACK cluster, with automatic StorageClass conversion to an Alibaba Cloud-native storage class.
Prerequisites
Before you begin, make sure you have:
- A registered cluster created in ACK One, connected to a third-party Kubernetes cluster running Kubernetes 1.16 or later. For more information, see Create a registered cluster.
- An ACK managed cluster or ACK dedicated cluster (Kubernetes 1.18 or later) deployed in the same region as the registered cluster. For more information, see Create an ACK managed cluster or Create an ACK dedicated cluster.
- The cluster backup feature enabled on both the registered cluster and the ACK cluster. For more information, see Install migrate-controller and grant permissions.
- Cloud Backup activated.
- If the registered cluster connects to a virtual private cloud (VPC) through Cloud Enterprise Network (CEN), Express Connect, or a VPN connection: a route configured to the internal network of the region where the OSS bucket resides. For more information, see Internal OSS endpoints and VIP ranges.
Before running a restore task, install and configure system components in the ACK cluster as needed. For example:
- aliyun-acr-credential-helper: Grant permissions to the cluster and configure acr-configuration.
- alb-ingress-controller: Configure an ALBConfig.
Usage notes
- When backing up local volumes, create persistent volumes (PVs) and persistent volume claims (PVCs) to mount the local volumes.
- When backing up object storage, file storage, or block storage provided by third-party service providers, use the CSI plug-in to mount the volumes with PVs and PVCs.
Preparations
Complete the following checks before running the backup task.
In the registered cluster
A Resource Access Management (RAM) user must exist with OSS and Cloud Backup permissions, and a Secret named alibaba-addon-secret must be present in the csdr namespace with that user's AccessKey ID and AccessKey Secret. Run the following command to confirm:
kubectl get secret alibaba-addon-secret -n csdr
Expected output:
alibaba-addon-secret Opaque 2 5d22h
In the ACK cluster
- ACK managed cluster: Cloud Backup is activated and an OSS bucket named cnfs-oss-**** exists.
- ACK dedicated cluster: The worker RAM role has OSS and Cloud Backup permissions. For more information, see Install migrate-controller and grant permissions.
Step 1: Deploy the application in the external Kubernetes cluster
Run all commands in this step against the external Kubernetes cluster (the source cluster connected to your registered cluster).
This example uses a MySQL application with a persistent volume claim (PVC) named mysql-pvc, a persistent volume (PV) named mysql-pv, and a mount path of /mnt.
- Create a namespace named test1:
    kubectl create namespace test1
- Mount the MySQL application's volume using the Container Storage Interface (CSI) plug-in with a PV and PVC. Refer to the CSI documentation from your third-party cloud provider. If your cluster does not support CSI, connect it to the registered cluster to use the Alibaba Cloud CSI plug-in instead. For more information, see Storage - CSI.
- Confirm the application is running:
    kubectl -n test1 get pod | grep mysql-sts
  Expected output:
    mysql-sts-0 1/1 Running 0 1m02s
- Verify that the PV configuration includes CSI fields:
    kubectl -n test1 get pv mysql-pv -oyaml
  Expected output (excerpt):
    csi:
      driver: ****
      volumeAttributes:
        xxxx: xxxx
        xxxx: xxxx
      volumeHandle: mysql-pv
- Log in to the MySQL container:
    kubectl -n test1 exec -it mysql-sts-0 -- /bin/bash
- Create test files to verify data restoration later:
    cd /mnt && touch test && ls
  Expected output:
    test
Suspend write operations for your workloads before starting the backup to ensure data consistency.
Step 2: Back up the application in the registered cluster
Run all operations in this step against the registered cluster in the ACK console.
- If no backup vault exists in your account, create one first. For more information, see Create a backup vault and Cloud Backup.
- Create a real-time backup task named mysql-backup in the registered cluster. For more information, see Create a backup task.

  | Parameter | Value |
  | --- | --- |
  | Name | mysql-backup |
  | Backup Vaults | Select the vault you created |
  | Backup Namespaces | test1 |
  | Volume Backup | Select Volume Backup to include persistent data |

- On the Application Backup page, click the Backup Records tab. Wait until the status of mysql-backup changes from InProgress to Completed.
Step 3: Associate the backup vault with the ACK cluster
Run all operations in this step against the ACK cluster in the ACK console.
The backup vault must be associated with the ACK cluster before it can be used as a restore target. Each vault can be associated only once — after initialization, backup tasks in the registered cluster sync to the ACK cluster automatically.
- On the Application Backup page, click Restore.
- In the Restore panel, enter a Name and select Backup Vaults, then click Initialize Backup Vault on the right side to associate the vault with the ACK cluster.
- After initialization completes, select the restore task from the backup vault and click OK.
- On the Backup Records tab, wait for mysql-backup to appear in the list.
Step 4: Restore the application in the ACK cluster
Run all operations in this step against the ACK cluster in the ACK console.
The ACK cluster uses Alibaba Cloud-native storage (NAS via the alibabacloud-cnfs-nas StorageClass) instead of the third-party storage used in the source cluster. The restore task maps the original StorageClass to the ACK-compatible one and writes data into a dynamically provisioned PV.
- Create a restore task named mysql-restore. For more information, see Restore applications and volumes.

  | Parameter | Value |
  | --- | --- |
  | Name | mysql-restore |
  | Backup Vaults | Select the vault you created |
  | Select Backup | mysql-backup |
  | Reset Namespace | Change test1 to test2 |
  | StorageClass Conversion | For mysql-pvc, select alibabacloud-cnfs-nas |

- Click View Restoration Records on the right side of Restore. Wait until mysql-restore changes from InProgress to Completed.
- Verify the application is running in the ACK cluster:
    kubectl -n test2 get pod | grep mysql-sts
  Expected output:
    mysql-sts-0 1/1 Running 0 4s
- Verify the data is restored:
  - Check that the PVC's StorageClass has changed to alibabacloud-cnfs-nas:
      kubectl -n test2 get pvc | grep mysql-pvc
    Expected output:
      mysql-pvc Bound nas-**** 25Gi RWO alibabacloud-cnfs-nas 3m24s
  - Confirm the PVC is mounted to the MySQL pod:
      kubectl -n test2 describe pvc mysql-pvc | grep "Used By"
    Expected output:
      Used By: mysql-sts-0
  - Log in to the MySQL container and check the test data:
      kubectl -n test2 exec -it mysql-sts-0 -- /bin/bash
      cd /mnt && ls
    Expected output:
      test
    The test file is present, confirming that data was successfully restored.
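The single test file shows that the volume came back, but not that every file on it is unchanged. The following added example (not part of the original topic) hashes every file under the mount path before the backup and after the restore, then compares the two manifests. The kubectl context names and the presence of sha256sum, find and sort in the container image are assumptions.

```shell
#!/bin/sh
# Added example (not from the original topic). Assumes sha256sum, find and
# sort exist in the container image; the kubectl context names are placeholders.

# Runs inside the pod; $1 is the mount path (/mnt in this topic).
MANIFEST_CMD='cd "$1" && find . -type f -exec sha256sum {} +'

# make_manifest DIR: "<sha256>  <path>" for each file under a local DIR,
# sorted by path so the output is stable.
make_manifest() {
    sh -c "$MANIFEST_CMD" sh "$1" | LC_ALL=C sort -k 2
}

# pod_manifest CONTEXT NAMESPACE POD DIR: the same manifest from inside a pod.
pod_manifest() {
    kubectl --context "$1" -n "$2" exec "$3" -- sh -c "$MANIFEST_CMD" sh "$4" |
        LC_ALL=C sort -k 2
}

# compare_manifests BEFORE AFTER: print one line per difference.
# Returns 0 when every file in BEFORE is in AFTER with the same hash,
# 1 on a MISSING or CHANGED file, 2 when BEFORE is empty (proves nothing).
# EXTRA files are reported but do not fail the check.
compare_manifests() {
    awk '
        # sha256sum prints 64 hex chars, two separator chars, then the path
        { sum = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { before[path] = sum; n++; next }
        { seen[path] = 1 }
        !(path in before)    { print "EXTRA   " path; next }
        before[path] != sum  { print "CHANGED " path; bad = 1 }
        END {
            if (n == 0) { print "EMPTY   before-manifest"; exit 2 }
            for (p in before) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Typical use with the names from this topic (context names are placeholders):
#   pod_manifest source-ctx test1 mysql-sts-0 /mnt > before.sha256  # after writes are suspended
#   pod_manifest ack-ctx    test2 mysql-sts-0 /mnt > after.sha256   # after the restore completes
#   compare_manifests before.sha256 after.sha256
```

Take the first manifest after write operations are suspended, so that files changed by the running workload are not reported as restore failures.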
What's next
- To learn about backup and restore operations in more detail, see Overview of registered clusters.
- To configure additional system components in your ACK cluster for application compatibility, see Install migrate-controller and grant permissions.