Container Service for Kubernetes:Use kubectl to back up and restore cluster applications

Prerequisites

Before you begin, ensure that you have:

• Installed the migrate-controller backup service component and configured the required permissions. See Install the migrate-controller component.

Important notes

• Keep migrate-controller up to date. Outdated versions may cause unexpected behavior. See Manage components.

• Use DeleteRequest to remove backup and restore jobs. Backup and restore tasks cannot be simply deleted using the kubectl delete command. To delete both the CR and its associated backup data, create a DeleteRequest CR instead. See Step 4: Delete backup and restore resources.

• Do not remove parameters from the example YAML files. Deleting required fields causes backup and restore operations to fail.

• BackupLocation resources cannot be deleted through Backup Center because a backup repository may be shared across multiple clusters.

Step 1: Create a backup repository

A backup repository (BackupLocation) points to the OSS bucket where backup data is stored. Create the same BackupLocation on both the backup cluster and the restore cluster so both can access the same data.

1. Create backuplocation.yaml with the following content:

   apiVersion: csdr.alibabacloud.com/v1beta1
   kind: BackupLocation
   metadata:
     name: <your-backup-location-name>   # Must follow Kubernetes naming conventions
     namespace: csdr
   spec:
     backupSyncPeriod: 0s
     config:
       network: internal   # internal: clusters and bucket must be in the same region
                           # public: no region restriction
       region: cn-beijing  # Region where the OSS bucket is located
     objectStorage:
       bucket: <cnfs-oss-your-bucket-name>   # Must start with cnfs-oss-; create in advance
       prefix: <your-subdirectory-name>       # Optional: store backups in this subdirectory
     provider: alibabacloud

2. Apply the manifest on both clusters:

   kubectl apply -f backuplocation.yaml

3. Verify the backup repository is available on each cluster:

   kubectl describe backuplocation <your-backup-location-name> -n csdr

   The repository is ready when Phase shows Available:

   ...
   Status:
     Last Validation Time:  2022-12-08T04:00:22Z
     Message:               success by csdr-controller
     Phase:                 Available

   Available confirms the cluster has direct access to the OSS bucket.

Step 2: Create a backup job

Backup Center supports two backup types:

• Application Backup: Backs up Kubernetes resources (such as StatefulSets and Deployments) together with the Persistent Volumes (PVs) they use.

• Data Protection: Backs up PVs only, without the associated application resources.

For guidance on choosing between them, see Scenarios for Application Backup and Data Protection.

Each type supports on-demand and scheduled backups.

Step 3: Create a restore task

1. Create applicationrestore.yaml in the restore cluster:

   appRestoreOnly, preserveNodePorts, includedResources, and excludedResources apply only to Application Backup jobs and have no effect in Data Protection scenarios.

   To find the PVC names and data types in a backup, run kubectl -ncsdr describe <backup-name> and inspect status.resourceList.dataResource.pvcBackupInfo. The dataType field shows FileSystem or Snapshot, and nameSpace and pvcName identify the PVC.

   apiVersion: csdr.alibabacloud.com/v1beta1
   kind: ApplicationRestore
   metadata:
     annotations:
       csdr.alibabacloud.com/backuplocations: >-
         {"name":"<your-backup-repository-name>","region":"cn-beijing","bucket":"<your-oss-bucket-name>","prefix":"<your-subdirectory-name>","provider":"alibabacloud"}
     name: <your-application-restore-name>
     namespace: csdr
   spec:
     backupName: <your-application-backup-name>   # For scheduled backups, specify the
                                                   # point-in-time name, e.g.:
                                                   # <your-backup-schedule-name>-20221205225845
     includedNamespaces:
       - default             # Namespaces to restore; leave blank to restore all namespaces
     appRestoreOnly: false   # Application Backup only; ignored in Data Protection
                             # false (default): restore app resources and PV data
                             # true: restore app resources only (use when manually
                             #       pre-creating PVCs before restore)
     preserveNodePorts: true # Application Backup only; ignored in Data Protection
                             # false: assign random NodePort values (use when restoring
                             #        to the same cluster to avoid port conflicts)
                             # true: preserve original NodePort values (use when
                             #       restoring to a different cluster)
     includedResources:
       - statefulset         # Application Backup only; resource types to restore
     excludedResources:
       - secret              # Application Backup only; resource types to skip
     namespaceMapping:
       <source-namespace>: <target-namespace>   # Remap namespace during restore;
                                                 # target namespace is created if it
                                                 # doesn't exist
     imageRegistryMapping:
       <old-image-registry>: <new-image-registry>   # Remap image registry for all
                                                      # images whose address starts with
                                                      # the source prefix
     convertedarg:           # StorageClass conversions for file system-type volumes
                             # (OSS, Apsara File Storage NAS, Cloud Parallel File
                             # Storage (CPFS), or local storage) to a Cloud Disk or
                             # Apsara File Storage NAS StorageClass
       - convertToStorageClassType: alicloud-disk-topology-alltype   # Target StorageClass
                                                                      # (must exist in cluster)
         convertToAccessModes:
           - ReadWriteOnce   # Required when converting PVs with ReadWriteMany or
                             # ReadOnlyMany access modes to a Cloud Disk StorageClass
         namespace: nas
         persistentVolumeClaim: pvc-nas
       - convertToStorageClassType: alicloud-disk-topology-alltype
         namespace: oss
         persistentVolumeClaim: pvc-oss

2. Apply the manifest in the restore cluster:

   kubectl apply -f applicationrestore.yaml

3. Check the restore status:

   kubectl describe applicationrestore <your-application-restore-name> -n csdr

   The restore is complete when Phase changes from Inprogress to Completed:

   ...
   Status:
     Completion Timestamp:  2022-12-05T15:52:19Z
     Phase:                 Completed
     Start Timestamp:       2022-12-05T15:52:09Z

Step 4: Delete backup and restore resources

kubectl delete backupschedule <your-backup-schedule-name> -n csdr

What's next

• To manage backups from the ACK console instead of kubectl, see:

  • Back up and restore applications within a cluster

  • Migrate applications across clusters in the same region

  • Migrate applications across clusters in different regions

• To migrate applications from an earlier Kubernetes version, see Use Backup Center to migrate applications from an earlier-version Kubernetes cluster.

• To automate backup and restore with Terraform, see Back up and restore applications using Terraform.