Back up and restore applications in an ACK cluster - Container Service for Kubernetes

You can use the backup center to back up and restore applications in Container Service for Kubernetes (ACK) clusters for disaster recovery.

Limits

When the backup center backs up applications, the resources that are being deleted are not backed up.
Only ACK clusters that run Kubernetes 1.16 or later support the backup center. For more information about how to update the Kubernetes version of an ACK cluster, see Manually update ACK clusters.
By default, Elastic Compute Service (ECS) snapshots are created to back up disks. Only ACK clusters that run Kubernetes 1.18 or later and use CSI support ECS snapshots. If your cluster does not meet the requirement, use Cloud Backup.

Prerequisites

migrate-controller is installed and permissions are granted. For more information, see Install migrate-controller and grant permissions.
To create disk snapshots to back up volumes, you must install CSI 1.1.0 or later. For more information about how to install the CSI plug-in, see Install and upgrade the CSI plug-in.
To restore backups to Apsara File Storage NAS (NAS) volumes managed by CNFS (by setting StorageClass to alibabacloud-cnfs-nas), you need to create a StorageClass first. For more information, see Use CNFS to manage NAS file systems.

Billing

The following topics describe the billing of disks, NAS file systems, Cloud Backup, and snapshots that you may use when creating backups.

For more information about the billing of disks, see Block storage devices.
For more information about the billing of NAS, see NAS billing overview.
For more information about the billing of Cloud Backup, see Billing methods and billable items.
For more information about the billing of disk snapshots, see Snapshots.

Step 1: Create a backup vault

When you back up applications in an ACK cluster, the backup files are stored in an Object Storage Service (OSS) bucket. If no backup vault is available when you create a backup task, you must perform the operations in Step 1.

Note

You need to create only one backup vault in the region of your ACK clusters. The ACK clusters can shared the backup vault.
You cannot update existing backup vaults. Existing backup vaults can only be deleted. If you create a backup vault that has the same name as a deleted backup vault, the backup vault that you create cannot be used by clusters that have used the application backup feature.

Log on to the ACK console. In the left-side navigation pane, choose Multi-cluster > Backup Center.
On the Backup Center page, click Create Backup Vault.

In the Create Backup Vault panel, configure parameters and click OK.

Parameter	Description
Vault Name	The name of the backup vault. The name can contain lowercase letters and digits.
OSS Bucket Region	The region where the OSS bucket that you want to use is deployed.
OSS Bucket Name	The name of the OSS bucket. If you use an ACK managed cluster, you need to create an OSS bucket before you perform this step. The OSS bucket must be named in the cnfs-oss**** format.
OSS Bucket Subdirectory	The subdirectory of the OSS bucket. This parameter is optional.
Visible Scope	The visibility of the backup vault to other users. Valid values: The backup vault is visible only to Alibaba Cloud accounts and the creator. The backup vault is visible to Alibaba Cloud accounts and RAM users.

Step 2: Create a backup plan or back up instantly

Create a backup plan: The system periodically creates backup tasks based on the backup cycle until the backup plan is deleted. You can specify a backup cycle to allow the system to create backup tasks at an interval or at a scheduled time of each day, week, or month.
Back up instantly: The system creates a backup task to back up applications at the current time.

After you create a backup plan or choose to back up instantly, a backup task is issued to the ACK cluster. The status of the backup task is displayed on the Backup Records tab.

Create a backup schedule

On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Application Backup in the left-side navigation pane.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. If you use a registered cluster or ACK dedicated cluster, you also need to configure permissions. For more information, see Install migrate-controller and grant permissions.

On the Application Backup page, click Create Backup Plan. In the Create Backup Plan panel, configure parameters and click OK.

Note

The backup plan name can contain lowercase letters and digits. Space characters are not allowed.
You can select multiple namespaces for the backup plan.
You can specify only one backup label.
Disk snapshots are empowered by the snapshot technology of Alibaba Cloud. Cloud Backup is a high-performance, secure, cost-efficient, and fully-hosted cloud backup and storage service.
You can use a Linux crontab expression to specify a backup cycle or specify a backup interval.

Parameter	Description
Name	The name of the backup plan. This parameter is required.
Backup Vaults	Select the backup vault that you want to use. This parameter is required.
Select Namespace	Include: Back up applications in the namespaces specified in Backup Namespaces. If a specified namespace is deleted, applications in the namespace are not backed up. Exclude: Back up applications in namespaces other than those specified in Backup Namespaces. Applications in newly created namespaces are also backed up. Note The Select Namespace parameter is available only for backup plans. If you choose to back up instantly, only the Include mode is supported.
Backup Namespaces	You can select one or more namespaces. Applications in the selected namespaces are backed up or skipped. This parameter is required. Note The kube-system, kube-publish, kube-node-lease, and csdr namespaces strongly rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Backup Cycle	Enter a crontab expression. You need to specify a backup cycle only when you create a backup plan. For more information, see How do I specify the backup cycle when creating a backup plan?
Volume Backup	Specify whether to back up data in volumes used by applications. If you select Enable, ECS snapshots are created or Cloud Backup is used to back up data in volumes. Disk volumes: By default, ECS snapshots are created to back up disk volumes. Other types of volumes: Cloud Backup is used. During the restoration process, data is restored from ECS snapshots or Cloud Backup to new disk volumes. Important If you do not enable volume backup and have not excluded persistent volumes (PVs) and persistent volume claims (PVCs) from the backup list, only the YAML files of the PVs and PVCs are backed up. The data stored in volumes is not backed up. The YAML files contain the underlying storage information, such as disk IDs and NAS server information. During the restoration process, PVs and PVCs are restored from the YAML files by creating statically provisioned volumes.
Label	Specify a label. Applications that have this label are backed up.
Specify Resources	Specify one or more resource object names that are separated by commas (,). Example: `deploy, configmap`. Only the specified Kubernetes resources are backed up.
Excluded Resources	You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example: `pod or Secret`. The excluded resources are not backed up.
Validity Period	The validity period of backups. Expired backups cannot be restored. Valid values: 1 to 65536. Unit: days.

What to do next

On the Backup Plans tab of the Application Backup page, you can click View Backup Records in the Actions column of a backup plan to view backup records. If the Status column displays Completed, backups are created.

On the Backup Plans tab of the Application Backup page, you can click Edit in the Actions column of a backup plan to modify the backup namespaces and backup cycle.

Back up instantly

On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Application Backup in the left-side navigation pane.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. If you use a registered cluster or ACK dedicated cluster, you also need to configure permissions. For more information, see Install migrate-controller and grant permissions.

On the Application Backup page, click Back up Now. In the Back up Now panel, configure parameters and click OK.

Note

The task name can contain lowercase letters and digits. Space characters are not allowed.
You can select one or more namespaces to back up applications.
You can specify only one backup label.
Disk snapshots are empowered by the snapshot technology of Alibaba Cloud. Cloud Backup is a high-performance, secure, cost-efficient, and fully-hosted cloud backup and storage service.

Parameter	Description
Name	The name of the real-time backup task. This parameter is required.
Backup Vaults	Select the backup vault that you want to use. This parameter is required.
Backup Namespaces	You can select one or more namespaces. Applications in the selected namespaces are backed up or skipped. This parameter is required. Note The kube-system, kube-publish, kube-node-lease, and csdr namespaces strongly rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Volume Backup	Specify whether to back up data in volumes used by applications. If you select Enable, ECS snapshots are created or Cloud Backup is used to back up data in volumes. Disk volumes: By default, ECS snapshots are created to back up disk volumes. Other types of volumes: Cloud Backup is used. During the restoration process, data is restored from ECS snapshots or Cloud Backup to new disk volumes. Important If you do not enable volume backup and have not excluded persistent volumes (PVs) and persistent volume claims (PVCs) from the backup list, only the YAML files of the PVs and PVCs are backed up. The data stored in volumes is not backed up. The YAML files contain the underlying storage information, such as disk IDs and NAS server information. During the restoration process, PVs and PVCs are restored from the YAML files by creating statically provisioned volumes.
Label	Specify a label. Applications that have this label are backed up.
Specify Resources	Specify one or more resource object names that are separated by commas (,). Example: `deploy, configmap`. Only the specified Kubernetes resources are backed up.
Excluded Resources	You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example: `pod or Secret`. The excluded resources are not backed up.
Validity Period	The validity period of backups. Expired backups cannot be restored. Valid values: 1 to 65536. Unit: days.

What to do next

On the Backup Plans tab of the Application Backup page, if the Status column of a backup record displays Completed, backups are created.

You can click Clone in the Actions column of a backup record to create a real-time backup task from the backup record.

Step 3: Restore applications and volumes

Important

The system does not overwrite existing resources in the cluster when it restores data. It restores only resources that do not exist in the cluster. If the cluster already contains resources that you want to restore, delete the existing resources before you perform the restoration.

On the Application Backup page, click Restore.

In the Restore panel, configure parameters and click OK.

Parameter	Description
Name	The name of the restore task. The name can contain lowercase letters and digits.
Backup Vaults	Select the backup vault where backup files are stored. After you select a backup vault, click Initialize Backup Vault to associate the restore cluster with the backup vault. You need to associate a backup vault with a cluster only once. After the backup vault is initialized, you can select a backup file from the backup vault to restore data.
Select Backup	Select a backup file.
Reset Namespace	If you want to select backup files in other namespaces, click Add, select the namespace to which the backup files belong, and then specify the namespace to which the backup files are restored after the colon (:).
StorageClass Conversion	The snapshot feature is renamed as StorageClass conversion. This feature can convert the StorageClasses of PVCs in volume backups. For example, your application uses NAS volumes. After you select the alicloud-disk StorageClass, the restored application uses disk volumes. Important You can convert only the StorageClasses of volumes of the FileSystem type (volumes other than disk volumes created by Cloud Backup).

Verify that the related stateful or stateless application, volumes, and Services can be started and accessed as normal.
1. In the left-side navigation pane of the restore cluster management page, choose Workloads > Deployments.
2. Find the application and click Details in the Actions column.
  On the Pods tab, confirm that the status of the restored Deployment is Running.
3. In the left-side navigation pane of the details page, choose Volumes > Persistent Volume Claims.
  On the Persistent Volume Claims page, confirm that the PVCs are restored and displayed.
4. In the left-side navigation pane of the details page, choose Network > Services.
5. On the Services page, click the external endpoint of a Service to check whether the Service can be accessed.

References

For more information about how to migrate applications across clusters that use different volume plug-ins or run different Kubernetes versions, see Use the backup center to migrate applications in an ACK cluster that runs an old Kubernetes version.
For more information about how to migrate applications cross clusters in the same region, see Migrate applications across clusters in the same region.
For more information about how to migrate applications across regions, see Migrate applications across clusters in different regions.
For more information about how to use kubectl to migrate applications, see Use kubectl to back up and restore applications.