Container Service for Kubernetes (ACK) allows you to back up and restore stateful applications deployed in an ACK cluster. This is an all-in-one solution to achieve crash consistency, application consistency, and cross-region disaster recovery for stateful applications in ACK clusters. This topic describes how to use the application backup feature in the ACK console to back up applications, create snapshots, and restore applications in an ACK cluster.
migrate-controller is installed and permissions are granted. For more information, see Install migrate-controller and grant permissions.
When you back up an application, the resources in the Deleting state are not backed up.
Hybrid Backup Recovery (HBR) is activated. The backup center uses HBR in hybrid cloud scenarios or when you want to back up Apsara File Storage NAS (NAS), Object Storage Service (OSS), or disk volumes. For more information, see HBR.
If you want to create snapshots of disk volumes, you must install Container Storage Interface (CSI) V1.1.0 or later. For more information about how to install the CSI plug-in, see Install and upgrade the CSI plug-in.
If you want to create snapshots of Apsara File Storage NAS (NAS) volumes, you must first create a StorageClass. To create a snapshot of a NAS volume, select alibabacloud-cnfs-nas in the Change StorageClass column of the related persistent volume claim (PVC) when you create the snapshot. For more information, see Use CNFS to manage NAS file systems.
If you use cloud disks, NAS file systems, Cloud Backup resources, or snapshots when you back up an application, you are billed based on the following rules:
For more information about the billing of disks, see Block storage devices.
For more information about the billing of NAS, see NAS billing overview.
For more information about the billing of Cloud Backup, see Billing methods and billable items.
For more information about the billing of snapshots, see Snapshots.
Step 1: Create a backup vault
When you back up applications in an ACK cluster, the backup files are stored in an Object Storage Service (OSS) bucket. If no backup vault is available when you create a backup task, you must perform the operations in Step 1.
You need to create only one backup vault in the region where your cluster is deployed. ACK clusters that are deployed in the region can share the specified backup vault.
You cannot update existing backup vaults. Existing backup vaults can only be deleted. If you create a backup vault that has the same name as a deleted backup vault, the backup vault that you create cannot be used by clusters that have used the application backup feature.
Log on to the ACK console. In the left-side navigation pane, choose .
On the Backup Center page, click Create.
In the Create panel, configure the parameters and click OK.
The name of the backup vault. The name can contain lowercase letters and digits.
OSS Bucket Region
The region where the OSS bucket that you want to use is deployed.
OSS Bucket Name
The name of the OSS bucket. If you use an ACK managed cluster, the name of the OSS bucket must start with cnfs-oss****. You can claim a bucket by using CNFS OSS.
OSS Bucket Subdirectory
The subdirectory of the OSS bucket. This parameter is optional.
The visibility of the backup vault to other users. Valid values:
The backup vault is visible only to Alibaba Cloud accounts and the creator.
The backup vault is visible to Alibaba Cloud accounts and RAM users.
Step 2: Create a backup task
On the Backup Center page, click Create Backup Plan. In the dialog box that appears, select a cluster from the drop-down list and click OK.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. For more information, see Step 1: Install migrate-controller.
In the Create Backup Plan panel, configure backup parameters and click OK.Note
The name of the backup task can contain only lowercase letters and digits, and cannot contain space characters.
You can select one or more backup namespaces.
You can specify only one resource label in each backup task.
Volume snapshots are created by using the snapshot feature for Alibaba Cloud disks. Cloud Backup is a fully managed service that offers improved efficiency, security, and cost savings in backup and storage.
Scheduled backup plans are supported. You can use Linux cron expressions or specify intervals to schedule backup plans.
After you enable scheduled backup plans, you can view the details about scheduled backup plans on the Backup Plans tab of the Application Backup page.
The name of the backup task. This parameter is required.
Select the backup vault that you want to use. This parameter is required.
Include: Back up applications in the namespaces specified in Backup Namespaces. If a specified namespace is deleted, applications in the namespace are not backed up.
Exclude: Back up applications in namespaces other than those specified in Backup Namespaces. Applications in newly created namespaces are also backed up.Note
You can select Exclude only when you create a backup plan.
You can select one or more namespaces. Applications in the selected namespaces are backed up or skipped. This parameter is required.Note
The kube-system, kube-publish, kube-node-lease, and csdr namespaces strongly rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Specify whether to enable volume backup to back up application data.
If you select Volume Backup, this feature is enabled. If the application data is stored in disks, the data is backed up by creating volume snapshots. If the application data is not stored in disks, the data is backed up by using Cloud Backup.
You can select Back up Now or Scheduled Backup.
If you select Scheduled Backup, you must specify a backup cycle. You can enter a cron expression to set a backup schedule. For more information about how to use cron expressions, see how-use-cron-linux.
Specify a label. Applications that have this label are backed up.
Specify one or more resource object names that are separated by commas (,). Example:
deploy, configmap. Only the specified Kubernetes resources are backed up.
You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example:
pod or Secret. The excluded resources are not backed up.
The validity period of backups. Expired backups cannot be restored. The validity period ranges from 1 to 65535. Unit: day.
On the Backups and Snapshots tab, if the status of the backup task is Completed, the task is created.
You can use the clone feature to clone scheduled backup plans and real-time backup tasks.
Scheduled backup plans: On the Backup Plans tab, click Clone in the Actions column of the scheduled backup plan that you want to clone to quickly create a new plan.
Real-time backup tasks: On the Backups and Snapshots tab, click Clone in the Actions column of the backup task that you want to clone to quickly create a new task.
Step 3: Create snapshots for volumes of CNFS types
If you enable Volume Backup and use storage other than disks to store data when you create a backup task, the Cloud Backup service is used to back up the data. You can create disk snapshots or Container Network File System (CNFS) snapshots based on your business requirements.
On the Application Backup page, click the Backups and Snapshots tab.
Click Create Snapshot in the Actions column of the backup task that you created.
In the Create Snapshot dialog box, select the PVC that you want to convert and select a storage type from the drop-down list in the StorageClass column. Then, click Create Snapshot. If the Backup Type column displays Snapshot, a snapshot is already created. In this case, you can skip the preceding steps.Note
You must select a storage type for the PVC from the drop-down list in the StorageClass column. Otherwise, the generated snapshot cannot be used to restore data.
NAS volumes and disk volumes are supported. We recommend that you select NAS volumes (alibabacloud-cnfs-nas) and disk volumes (alicloud-disk).
After the status of the related PVC changes to ConvertionCompleted, the snapshot is created. The following figure shows an example.
Step 4: Restore the application and volume
Before you restore the application data, make sure that you have created a snapshot of the volume that needs to be backed up.
On the Application Backup page, click the Restore tab.
On the Restore tab, click Create Restoration Task.
In the Create Restoration Task panel, set the following parameters and click OK.
After you select the backup vault that you want to use, click Initialize Backup Vault to associate the backup vault with the cluster. You need to associate a backup vault with a cluster only once. After the backup vault is initialized, you can select a backup file in the backup vault to restore the application.
The name of the restoration task. The name can contain only lowercase letters and digits.
Select the backup vault where backup files are stored.
Select a backup file.
If you want to select backup files in other namespaces, click Add, select the namespace to which the backup files belong, and then specify the namespace to which the backup files are restored after the colon (:).Note
The system does not overwrite existing resources in the cluster when it restores data. It restores only resources that do not exist in the cluster. Before you can restore an application to an earlier version, you must delete the existing resources of the application.
In the lower-left corner of the panel, click OK.
Verify that the related stateful or stateless application, volumes, and Services can be started and accessed as normal.
In the left-side navigation pane of the details page of the cluster to which you want to restore the application, choose .
Find the application and click Details in the Actions column.
On the Pods tab, confirm that the status of the restored Deployment is Running.
In the left-side navigation pane of the details page, choose .
On the Persistent Volume Claims page, you can view the PVC that is restored.
In the left-side navigation pane of the details page, choose .
On the Services page, click the external endpoint to check whether the Service can be accessed.