本文記錄使用Velero快速完成雲原生應用及PV資料從自建Kubernetes遷移到ACK的實踐過程。 此過程也同樣适用于其他雲廠商Kubernetes叢集内的應用及PV資料遷移至ACK。
在本示例中, 我們将對自建Kubernetes叢集中的一個wordpress應用整體遷移上雲到ACK,其中資料備份采用阿裡雲OSS服務,安全穩定。
Kubernetes應用及PV資料遷移ACK概覽
- 容器鏡像遷移上雲到ACR
- 自建Kubernetes叢集中部署Velero并備份應用wordpress到OSS
- ACK部署Velero并恢複應用wordpress到ACK叢集
- 調整wordpress應用使之充分使用ACK的優勢
- 通路和驗證wordpress應用服務是否正常
Kubernetes應用及PV資料遷移
1 容器鏡像遷移上雲到ACR
自建Kubernetes叢集通常位于使用者自己的IDC中,容器鏡像的存儲也會使用自建鏡像倉庫, 在Kubernetes應用遷移上雲之前, 首先要做的就是容器鏡像遷移上雲到ACR。 本示例中wordpress應用涉及的容器鏡像有:
registry.api.paas.com:5000/admin/wordpress:latest
registry.api.paas.com:5000/admin/mysql:8 遷移上雲後為:
registry.cn-hangzhou.aliyuncs.com/ack-migration/wordpress:latest
registry.cn-hangzhou.aliyuncs.com/ack-migration/mysql:8 如果需要大批量遷移容器鏡像, 請參考
容器鏡像遷移按步驟操作。
2 ACK及自建Kubernetes叢集中部署Velero
請按照以下步驟,分别在ACK和自建Kubernetes叢集中部署Velero。
2.1 安裝 Velero 用戶端
由于使用 velero 備份Kubernetes PV資料的功能還未正式合并到社群項目的主分支, velero的用戶端請從以下連結下載下傳并安裝:
$ curl -o /usr/bin/velero https://public-bucket-1.oss-cn-hangzhou.aliyuncs.com/velero && chmod +x /usr/bin/velero 2.2 建立OSS Bucket
velero 要求預先 建立一個 OSS Bucket(此處放連結轉向相關幫助文檔) 來存儲 Kubernetes 應用資料及其PV資料, 推薦每個Kubernetes叢集單獨使用各自的OSS Bucket。 此文檔示例中的OSS Bucket為
cn-hangzhou
區域下的
ls-velero
bucket。
2.3 建立RAM賬号并生成AK
如果您使用主賬号AK,可以跳過此步驟。 建立子賬号并授予以下權限(此處放連結轉向相關幫助文檔) :
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:DescribeSnapshots",
"ecs:CreateSnapshot",
"ecs:DeleteSnapshot",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:Addtags",
"oss:PutObject",
"oss:GetObject",
"oss:DeleteObject",
"oss:GetBucket",
"oss:ListObjects"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
} 最後生成AK,記錄AK資訊并在velero安裝部署時使用。
2.4 自建Kubernetes叢集部署Velero
編輯
credentials-velero
檔案, 内容為上一步驟中生成的AK資訊:
ALIBABA_CLOUD_ACCESS_KEY_ID=<access_key_id>
ALIBABA_CLOUD_ACCESS_KEY_SECRET=<access_key_secret> 使用以下指令部署velero:
velero install --provider alibabacloud --image registry.cn-hangzhou.aliyuncs.com/haoshuwei24/velero:v1.2.0 --bucket ls-velero --secret-file ./credentials-velero --use-volume-snapshots=false --backup-location-config region=cn-hangzhou --use-restic --plugins registry.cn-hangzhou.aliyuncs.com/acs/velero-plugin-alibabacloud:v1.2 --wait 可以檢視pod的運作狀态:
kubectl -n velero get po
NAME READY STATUS RESTARTS AGE
restic-fqwsc 1/1 Running 0 41s
restic-kfzqt 1/1 Running 0 41s
restic-klxhc 1/1 Running 0 41s
restic-ql2kr 1/1 Running 0 41s
restic-qrsrn 1/1 Running 0 41s
restic-srjmm 1/1 Running 0 41s
velero-67b975f5cb-68nj4 1/1 Running 0 41s 3 自建Kubernetes叢集中備份wordpress應用
若隻需要備份wordpress應用而不備份pv資料, 則使用以下指令備份:
$ velero backup create wordpress-backup-without-pv --include-namespaces wordpress
Backup request "wordpress-backup-without-pv" submitted successfully.
Run `velero backup describe wordpress-backup-without-pv` or `velero backup logs wordpress-backup-without-pv` for more details.
$ velero backup get
NAME STATUS CREATED EXPIRES STORAGE LOCATION SELECTOR
wordpress-backup-without-pv Completed 2019-12-12 14:08:24 +0800 CST 29d default <none> 本文着重示範帶pv資料的wordpress應用備份:
# 首先需要為挂載pv資料卷的pod添加annotation, 例如wordpress應用運作了2個pod, 分别為wordpress-7cf5849f47-mbvx4 mysql-74dddbdcc8-h2tls, wordpress-7cf5849f47-mbvx4
# 挂載的volume名為mysql-persistent-storage, mysql-74dddbdcc8-h2tls挂載的volume名為wordpress-persistent-storage, 則添加annotation的指令為
$ kubectl -n wordpress annotate pod/wordpress-7cf5849f47-mbvx4 backup.velero.io/backup-volumes=wordpress-persistent-storage
pod/wordpress-7cf5849f47-mbvx4 annotated
$ kubectl -n wordpress annotate pod/mysql-74dddbdcc8-h2tls backup.velero.io/backup-volumes=mysql-persistent-storage
pod/mysql-74dddbdcc8-h2tls annotated
# 備份wordpress
$ velero backup create wordpress-backup-with-pv --include-namespaces wordpress
Backup request "wordpress-backup-with-pv" submitted successfully.
Run `velero backup describe wordpress-backup-with-pv` or `velero backup logs wordpress-backup-with-pv` for more details.
$ velero backup get
NAME STATUS CREATED EXPIRES STORAGE LOCATION SELECTOR
wordpress-backup-with-pv Completed 2019-12-12 14:23:40 +0800 CST 29d default <none>
wordpress-backup-without-pv Completed 2019-12-12 14:08:24 +0800 CST 29d default <none> 檢視OSS Bucket可以看到備份的檔案。
4 恢複應用wordpress到ACK叢集
4.1 建立StorageClass
wordpress應用使用nfs類型持久化資料卷,PV/PVC使用的StorageClass名稱為nfs,相應的,在ACK中我們也需要建立一個相同名字的StorageClass, 但StorageClass後端使用了什麼存儲媒體我們可以根據業務需求來定義,比如本示例中我們就使用了SSD雲盤塊存儲,而非必須使用Nas共享存儲:(本示例使用ACK叢集使用CSI plugin, 參考
https://help.aliyun.com/document_detail/134859.html)
$ cat nfs.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs
provisioner: diskplugin.csi.alibabacloud.com
parameters:
type: cloud_ssd
reclaimPolicy: Retain
$ kubectl apply -f nfs.yaml
storageclass.storage.k8s.io/nfs created 4.2 恢複wordpress應用
使用velero恢複wordpress應用到ACK, 完成wordpress從自建Kubernetes叢集到ACK的遷移。
$ velero restore create --from-backup wordpress-backup-with-pv
$ velero restore get
NAME BACKUP STATUS WARNINGS ERRORS CREATED SELECTOR
wordpress-backup-with-pv-20191212152745 wordpress-backup-with-pv InProgress 0 0 2019-12-12 15:27:45 +0800 CST <none> 此時檢視wordpress應用運作情況,可能會有鏡像拉取失敗的問題:
$ kubectl -n wordpress get po
NAME READY STATUS RESTARTS AGE
mysql-669b4666cd-trsnz 0/1 ErrImagePull 0 19m
mysql-74dddbdcc8-h2tls 0/1 Init:0/1 0 19m
wordpress-7cf5849f47-mbvx4 0/1 Init:0/1 0 19m
wordpress-bb5d74d95-xcjxw 0/1 ErrImagePull 0 19m 我們需要編輯deployment把image字段替換成2.1中遷移後的鏡像位址:
# edit 編輯deployment并修改image url
$ kubectl -n wordpress edit deployment mysql
$ kubectl -n wordpress edit deployment wordpress 再次檢視wordpress應用運作情況:
$ kubectl -n wordpress get po
NAME READY STATUS RESTARTS AGE
mysql-678b5d8499-vckfd 1/1 Running 0 100s
wordpress-8566f5f7d8-7shk6 1/1 Running 0 3m18s 測試環境重新綁定hosts後,通路置wordpress應用
http://wordpress.myk8s.paas.com:31570
4. 其他參考:wordpress示例應用的部署
wordpress示例應用分wordpress和mysql兩個元件, 分别綁定兩個不同的nfs volume用于應用資料的持久化存儲,最後通過NodePort暴露服務。部署yaml檔案内容如下:
# 1. 建立nfs storageclass
$ cat nfs-sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs
provisioner: helm.default/nfs
reclaimPolicy: Delete
$ kubectl apply -f nfs-sc.yaml
# 2. 建立mysql password的secret, echo -n "mysql" |base64
$ cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysql
type: Opaque
data:
password: bXlzcWw=
$ kubectl apply -f secret.yaml
# 3. 建立mysql的pvc deployment service
$ cat mysql.yaml
apiVersion: v1
kind: Service
metadata:
name: mysql
labels:
app: mysql
spec:
type: ClusterIP
ports:
- port: 3306
selector:
app: mysql
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-volumeclaim
annotations:
volume.beta.kubernetes.io/storage-class: "nfs"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
securityContext:
runAsUser: 999
runAsGroup: 999
fsGroup: 999
containers:
- image: registry.api.paas.com:5000/admin/mysql:8
name: mysql
args:
- "--default-authentication-plugin=mysql_native_password"
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql
key: password
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-volumeclaim
$ kubectl apply -f mysql.yaml
# 4. 建立wordpress的pvc deployment service
$ cat wordpress.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: wordpress
name: wordpress
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
nodePort: 31570
selector:
app: wordpress
type: NodePort
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wordpress-volumeclaim
annotations:
volume.beta.kubernetes.io/storage-class: "nfs"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
app: wordpress
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- image: registry.api.paas.com:5000/admin/wordpress
name: wordpress
env:
- name: WORDPRESS_DB_HOST
value: mysql:3306
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql
key: password
ports:
- containerPort: 80
name: wordpress
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wordpress-volumeclaim
$ kubectl apply -f wordpress.yaml 測試環境綁定hosts後,通路并安裝配置wordpress應用
![資料遷移方法資料遷移原則資料遷移之雙寫方案資料遷移之級聯同步方案[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)