使用Velero Restic快速完成云原生应用及PV数据从GKE到至ACK的迁移-阿里云开发者社区

开发者社区> 云原生> 正文

使用Velero Restic快速完成云原生应用及PV数据从GKE到至ACK的迁移

简介: 本文记录使用Velero Restic快速完成云原生应用及PV数据从GKE到至ACK的迁移的实践过程。 此过程也同样适用于自建Kubernetes集群内的应用及PV数据迁移至ACK。 ## 实践步骤概览 (1)创建GKE集群(或自建Kubernetes集群) (2)在GKE集群上部署示例应用Jenkins Application并执行一个构建任务 (3)[创建ACK集群](http

本文记录使用Velero Restic快速完成云原生应用及PV数据从GKE到至ACK的迁移的实践过程。 此过程也同样适用于自建Kubernetes集群内的应用及PV数据迁移至ACK。

实践步骤概览

(1)创建GKE集群(或自建Kubernetes集群)
(2)在GKE集群上部署示例应用Jenkins Application并执行一个构建任务
(3)创建ACK集群
(4)在ACK集群中部署Minio Service用于应用迁移时数据中转服务
(5)在GKE上部署Velero并备份整个Jenkins Application(或其他任意应用)
(6)把Jenkins Application使用的容器镜像同步到阿里云容器镜像仓库
(7)在ACK上创建Jenkins Application所使用的StorageClass
(8)在ACK上部署Velero并恢复整个Jenkins Application
(9)在ACK上替换Jenkins Application所使用的容器镜像
(10)验证Jenkins Application能否正常提供服务及其构建任务是否存在

环境物料清单

(1)GKE集群(或自建Kubernetes集群)
(2)ACK集群

创建GKE集群并部署示例应用Jenkins Application

(1) 在MarketPlace中找到Jenkins应用并配置部署到GKE集群的jenkins命名空间下:
image

(2)应用正在完成部署:
image

(3)查看Ingress并访问jenkins服务:
image

(4)Jenkins应用的初始化配置:
image

image

(5)Jenkin应用上创建一个名为gke-to-ack的任务并执行构建:
这个步骤相当于往PV存储卷中写数据。
image

image

image

(6)Jenkins应用的k8s资源列表如下

$ kubectl -n jenkins get deploy
NAME                         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
jenkins-jenkins-deployment   1         1         1            1           177m
$ kubectl -n jenkins get svc
NAME                               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
jenkins-jenkins-agents-connector   ClusterIP   10.39.241.75    <none>        50000/TCP        177m
jenkins-jenkins-ui                 NodePort    10.39.253.141   <none>        8080:31759/TCP   177m
$ kubectl -n jenkins get ing
NAME                 HOSTS   ADDRESS        PORTS     AGE
jenkins-jenkins-ui   *       xx.xx.xx.xx   80, 443   177m
$ kubectl -n jenkins get pvc
NAME                  STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jenkins-jenkins-pvc   Bound    pvc-e64eacc4-a482-11e9-bfa9-42010a8000da   8Gi        RWO            standard       177m
$ kubectl -n jenkins get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                                       STORAGECLASS   REASON   AGE
pvc-e64eacc4-a482-11e9-bfa9-42010a8000da   8Gi        RWO            Delete           Bound    jenkins/jenkins-jenkins-pvc                                 standard                177m

创建ACK集群并部署Minio对象存储应用

Minio对象存储服务用于存储PV持久化数据, 我们即将支持阿里云OSS对象存储服务。

(1) 自定义替换minio-deploy.yaml中的 MINIO_ACCESS_KEY 和 MINIO_SECRET_KEY值并部署:

kubectl apply -f minio-deploy.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: minio

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  namespace: minio
  name: minio
  labels:
    component: minio
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        component: minio
    spec:
      volumes:
      - name: storage
        emptyDir: {}
      - name: config
        emptyDir: {}
      containers:
      - name: minio
        image: minio/minio:latest
        imagePullPolicy: IfNotPresent
        args:
        - server
        - /storage
        - --config-dir=/config
        env:
        - name: MINIO_ACCESS_KEY
          value: "<your MINIO_ACCESS_KEY>"
        - name: MINIO_SECRET_KEY
          value: "your MINIO_SECRET_KEY"
        ports:
        - containerPort: 9000
        volumeMounts:
        - name: storage
          mountPath: "/storage"
        - name: config
          mountPath: "/config"

---
apiVersion: v1
kind: Service
metadata:
  namespace: minio
  name: minio
  labels:
    component: minio
spec:
  # ClusterIP is recommended for production environments.
  # Change to NodePort if needed per documentation,
  # but only if you run Minio in a test/trial environment, for example with Minikube.
  type: LoadBalancer
  ports:
    - port: 9000
      targetPort: 9000
      protocol: TCP
  selector:
    component: minio

(2) 查看minio LoadBalancer信息并登陆应用:

$ kubectl -n minio get svc
NAME    TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)          AGE
minio   LoadBalancer   172.21.2.216   xxx.xxx.xxx.xx   9000:30912/TCP   2d4h

image

(3) 替换minio-job.yaml中的minio_server_url minino_access_key minio_secret_key并运行job在minio中创建名为velero的bucket:

kubectl apply -f minio-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  namespace: minio
  name: minio-setup
  labels:
    component: minio
spec:
  template:
    metadata:
      name: minio-setup
    spec:
      restartPolicy: OnFailure
      volumes:
      - name: config
        emptyDir: {}
      containers:
      - name: mc
        image: minio/mc:latest
        imagePullPolicy: IfNotPresent
        command:
        - /bin/sh
        - -c
        - "mc --config-dir=/config config host add velero <your minio_server_url> <your minino_access_key> <your minio_secret_key> && mc --config-dir=/config mb -p velero/velero"
        volumeMounts:
        - name: config
          mountPath: "/config"

(4) 查看bucket是否创建成功:
image

在GKE和ACK上部署velero

(1) 安装velero client:
请从official release下载最新版本的velero客户端:

(2) 安装velero server:
创建credentials-velero文件并设置aws_access_key_id 与 aws_secret_access_key的值

[default]
aws_access_key_id = <your minio_access_key>
aws_secret_access_key = <your minio_secret_key>

ACK集群中请替换minio_server_url的值并指定image参数部署velero server

velero install     --provider aws    --image registry.cn-hangzhou.aliyuncs.com/acs/velero:latest  --bucket velero     --secret-file ./credentials-velero     --use-volume-snapshots=false     --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=<your minio_server_url> --use-restic     --wait

GKE中请替换minio_server_url的值并部署velero server

velero install     --provider aws    --bucket velero     --secret-file ./credentials-velero     --use-volume-snapshots=false     --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=<your minio_server_url> --use-restic     --wait

在GKE集群中备份Jenkins Application

(1)在备份带volume信息的pod之前,我们要通过给pod加annotation来告诉velero哪些pod需要包含volume数据, 查看jenkins应用的Deployment资源:

$ kubectl -n jenkins get deploy jenkins-jenkins-deployment -oyaml

image

(2)为pod加annotation:

$ kubectl -n jenkins get po
NAME                                          READY   STATUS      RESTARTS   AGE
jenkins-deployer-zh5p4                        0/1     Completed   0          109m
jenkins-jenkins-deployment-7df86c64d4-tqqlr   1/1     Running     0          109m
$ kubectl -n jenkins annotate pod/jenkins-jenkins-deployment-7df86c64d4-tqqlr backup.velero.io/backup-volumes=jenkins-jenkins-pvc
pod/jenkins-jenkins-deployment-7df86c64d4-tqqlr annotated

(3)创建备份

$ velero backup create gcloud-jenkins-backup-restic --include-namespaces jenkins --wait
Backup request "gcloud-jenkins-backup-restic" submitted successfully.
Waiting for backup to complete. You may safely press ctrl-c to stop waiting - your backup will continue in the background.
.......................
Backup completed with status: Completed. You may check for more information using the commands `velero backup describe gcloud-jenkins-backup-restic` and `velero backup logs gcloud-jenkins-backup-restic`.

(4) 查看备份

$ ./velero backup get
NAME                           STATUS      CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
gcloud-jenkins-backup-restic   Completed   2019-07-12 18:48:48 +0800 +08   29d       default            <none>

(5)登录Minio Server查看
image

同步(或批量)迁移容器镜像

把Jenkins应用使用的容器镜像导入到阿里云容器镜像仓库,导入到的地址为:

registry.cn-hangzhou.aliyuncs.com/haoshuwei/jenkins:2.150.3

批量迁移可参考:https://github.com/AliyunContainerService/sync-repo.git

在ACK集群中创建Jenkins应用所使用的StorageClass standard

我们知道不同的云厂商,后端的存储基础设施是不一样的, 我们需要先创建一个相同名称的StorageClass来屏蔽对底层存储基础设施差异的感知。

$ kubectl apply -f storageclass.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
  name: standard
provisioner: alicloud/disk
parameters:
  type: cloud
reclaimPolicy: Delete

在ACK集群中恢复Jenkins Application

查看备份信息:

$ velero  backup get
NAME                           STATUS      CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
gcloud-jenkins-backup-restic   Completed   2019-07-12 18:48:48 +0800 CST   29d       default            <none>

恢复应用:

$ velero restore create --from-backup gcloud-jenkins-backup-restic

此处需要编辑deployment修改image为registry.cn-hangzhou.aliyuncs.com/haoshuwei/jenkins:2.150.3

查看restore的状态:

$ velero restore describe gcloud-jenkins-backup-restic-20190712190536
$ velero restore logs gcloud-jenkins-backup-restic-20190712190536

restore完成后的状态为:

$ velero restore get
NAME                                          BACKUP                         STATUS      WARNINGS   ERRORS   CREATED                         SELECTOR
gcloud-jenkins-backup-restic-20190712190536   gcloud-jenkins-backup-restic   Completed   0          0        2019-07-12 19:05:36 +0800 CST   <none>

查看ACK集群上jenkins应用的ingress并访问服务进行验证

$ kubectl -n jenkins get ing
NAME                 HOSTS   ADDRESS          PORTS     AGE
jenkins-jenkins-ui   *       xx.xx.xx.xx   80, 443   56m

image

至此,一个带pv存储的jenkins应用被完整地从GKE迁移到ACK上。

参考链接:
https://velero.io/docs/v1.0.0/get-started/
https://velero.io/docs/v1.0.0/restic/#troubleshooting
https://github.com/heptio/velero
https://github.com/AliyunContainerService/velero-plugin

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
云原生
使用钉钉扫一扫加入圈子
+ 订阅

云原生时代,是开发者最好的时代

其他文章