Back up and restore applications in a cluster - Container Service for Kubernetes

Backup Center lets you back up and restore applications and volume data in ACK clusters. You can create scheduled backup plans or run instant backups, and restore workloads from any backup to the same or a different cluster.

Limitations

Backup Center does not back up resources that are being deleted.
To run Backup Center, your cluster must use Kubernetes v1.16 or later. If your version is earlier, Upgrade the Kubernetes version.
By default, ECS Snapshot is used to back up Cloud Disk data. This method is only supported on CSI clusters running v1.18 or later. For clusters with earlier versions, Cloud Backup is used instead.

Prerequisites

The migrate-controller backup service component is installed and its permissions are configured. For more information, see Install the migrate-controller backup service component and grant permissions.
To use Cloud Disk snapshots for volume backups, you must install CSI Plug-in v1.1.0 or later. For more information, see Install and upgrade the CSI Plug-in.
To restore data to a CNFS-managed NAS file system (that is, you select alibabacloud-cnfs-nas for the StorageClass Conversion parameter during the restore), you must first create a StorageClass. For more information, see Manage NAS file systems with CNFS.

Billing

The Backup Center feature is free of charge. However, you are charged for the storage that is used by related services.

Object Storage Service (OSS) fees: An OSS bucket stores the backed-up cluster resources (YAML files).
Cloud disk snapshot fees: Snapshots are used to back up data from cloud disk volumes.
Note
- Starting from 11:00 on October 12, 2023, Alibaba Cloud no longer charges storage fees or feature fees for the snapshot instant access feature of ECS cloud disks. For more information, see Snapshot instant access.
- When you use ESSD PL0, PL1, PL2, PL3, or ESSD AutoPL disks, the snapshot instant access feature is enabled by default for snapshots created during backup.
Cloud Backup fees: Cloud Backup is used to back up data from volume types other than cloud disks.

Step 1: Create a backup vault

Backup Center stores backup data in Alibaba Cloud OSS. You must create a backup vault before your first backup task if one is not already available.

Note

You only need to create a backup vault once in the region where your cluster resides. You can use the same backup vault for different clusters in the same region.
Existing backup vaults cannot be updated; they can only be deleted. If you delete a vault and create a new one with the same name, the new vault cannot be used in clusters that used the original vault.

Log on to the Container Service Management Console . In the navigation pane on the left, click Multi-cluster > Backup Center.
On the Backup Center page, click Create Backup Vault.

In the Create Backup Vault panel, configure the parameters and click OK.

Parameter	Description
Vault Name	The name of the backup vault. The name can contain only lowercase letters and digits.
OSS Bucket Region	The region where the OSS bucket is located.
OSS Bucket Name	The name of the OSS bucket. For an ACK Managed Cluster, you must create an OSS bucket in advance, and the bucket name must start with cnfs-oss****.
OSS Bucket Subdirectory	The subdirectory of the OSS bucket. This parameter is optional.
Visible Scope	The visibility of the backup vault to other users. Valid values: The backup vault is visible only to Alibaba Cloud accounts and the creator. The backup vault is visible to Alibaba Cloud accounts and RAM users.

Step 2: Create a backup plan or an instant backup

Create a backup plan: Creates backup tasks on a recurring basis according to the specified backup cycle. The backup plan remains active until it is deleted. Backup tasks are created according to the schedule you define (for example, at a specific interval, or at a set time daily, weekly, or monthly).
Instant backup: Creates a single backup task that runs immediately.

Both methods submit a backup task to the cluster. You can track the task's status on the Backup Records tab.

Create a backup plan

On the Clusters page, click the name of the target cluster. In the left navigation pane, choose Operations > Application Backup.
The system automatically checks whether the backup service component is installed. If not, follow the on-screen instructions to install it. If you are using an ACK Dedicated Cluster or a Registered Cluster, you must also configure the required permissions. For more information, see Install migrate-controller and grant permissions.

On the Application Backup page, click Create Backup Plan. In the Create Backup Plan panel, configure the parameters for the application backup and click OK.

Parameter	Description
Name	The name of the backup plan. This parameter is required.
Backup Vault	The backup vault to associate. This parameter is required.
Backup Type	Application Backup: Backs up applications running in the cluster, including their resources and associated volumes. Data Protection: Backs up only the volume data. Resources include only Persistent Volume Claims (PVCs) and Persistent Volumes (PVs). For more information, see Scenarios for application backup and data protection.
Select Namespace	Include: Backs up only the applications in the selected Backup Namespace. If a selected namespace is deleted, it is skipped during the backup. Exclude: Backs up applications in all namespaces except for the selected Backup Namespace. New namespaces are automatically included in future backups. Note This parameter is available only when you create a backup plan. For an instant backup, the value is Include by default.
Backup Namespace	Select one or more namespaces to back up. This parameter is required. Note The `kube-system`, `kube-publish`, `kube-node-lease`, and `csdr` namespaces are critical to cluster operations and should not be backed up or restored directly. Therefore, you cannot select these four namespaces.
Backup Volume	If Backup Type is set to Application Backup, the following options are available for Backup Volume: Specify whether to back up data in volumes used by applications. Mounted Volumes: Backs up the current data to ECS Snapshot or Cloud Backup. During a restore, the backup data is retrieved from ECS Snapshot or Cloud Backup and restored to new storage, such as a new Cloud Disk. By default, Backup Center backs up and restores data for Cloud Disk volumes by using ECS Snapshot. For other types of volumes, Backup Center backs up and restores data by using Cloud Backup. Disable: Does not back up the underlying volume data. During a restore, only the YAML files are restored by default. If you do not want to back up or restore volume-related resources, you can add PVs and PVCs to the excluded resources list. For more information, see When should I back up volume data in an application backup? If Backup Type is set to Data Protection, the following options are available for Backup Volumes: Select the range of volumes that you want to back up. All volumes that meet the criteria are backed up, regardless of whether they are mounted. All Volumes: Backs up all volumes. Specified Types of Volumes: Backs up volumes of a specific type. You must also configure the Storage parameter. Specified Volumes: Backs up only the volumes specified by a PVC. You must also configure the Persistent Volume Claims parameter.
Storage	This parameter is only available when Backup Type is Data Protection and Backup Volume is Specified Types of Volumes. Specify the types of volumes that you want to back up.
Persistent Volume Claims	This parameter is valid only if Backup Type is set to Data Protection and Backup Volume is set to Specified Volumes. Specify the volumes to be backed up.
Backup Cycle	A cron expression that specifies the backup schedule. This parameter is required only when you create a backup plan. For more information, see FAQ about Backup Center. You can use standard Linux cron syntax or specify a time interval.

Advanced settings

Parameter	Description
Specified Label	The application label. Only applications with this label are backed up. You can specify only one label.
Specified Resources	Specify one or more resource object names, separated by commas (,), such as `deploy, configmap`. This lets you back up only specific resources.
Excluded Resources	Specify one or more resource object names, separated by commas (,), such as `pod, secret`. This excludes the specified resource objects from the backup.
Validity Period	The retention period for backup data, in days. Expired data cannot be restored. The value must be an integer from 1 to 65536.

On the Backup Plans tab of the Application Backup page, click View Backup Records in the Actions column for the target backup plan to view the status of automatically created backup records. A Status of Completed indicates a successful backup.

Click Edit in the Actions column for the target backup plan to modify its configuration, such as the backup namespace and backup cycle.

Instant backup

On the Clusters page, click the name of your cluster. In the navigation pane on the left, click Operations > Application Backup.
The system automatically checks whether the backup service component is installed. If not, follow the on-screen instructions to install it. If you are using an ACK Dedicated Cluster or a Registered Cluster, you must also configure the required permissions. For more information, see Install migrate-controller and grant permissions.
On the Application Backup page, click Instant Backup. In the Instant Backup panel, set the parameters for the application backup and click OK.

Parameter	Description
Name	The name of the instant backup task. This parameter is required.
Backup Vault	The backup vault to associate. This parameter is required.
Backup Type	Application Backup: Backs up applications running in the cluster, including their resources and associated volumes. Data Protection: Backs up only the volume data. Resources include only Persistent Volume Claims (PVCs) and Persistent Volumes (PVs). For more information, see Scenarios for application backup and data protection.
Backup Namespace	Select one or more namespaces to back up. This parameter is required. Note The `kube-system`, `kube-publish`, `kube-node-lease`, and `csdr` namespaces are critical to cluster operations and should not be backed up or restored directly. Therefore, you cannot select these four namespaces.
Backup Volume	If Backup Type is set to Application Backup, the following options are available for Backup Volume: Specify whether to back up data in volumes used by applications. Mounted Volumes: Backs up the current data to ECS Snapshot or Cloud Backup. During a restore, the backup data is retrieved from ECS Snapshot or Cloud Backup and restored to new storage, such as a new Cloud Disk. By default, Backup Center backs up and restores data for Cloud Disk volumes by using ECS Snapshot. For other types of volumes, Backup Center backs up and restores data by using Cloud Backup. Disable: Does not back up the underlying volume data. During a restore, only the YAML files are restored by default. If you do not want to back up or restore volume-related resources, you can add PVs and PVCs to the excluded resources list. For more information, see When should I back up volume data in an application backup? If Backup Type is set to Data Protection, the following options are available for Backup Volumes: Select the range of volumes that you want to back up. All volumes that meet the criteria are backed up, regardless of whether they are mounted. All Volumes: Backs up all volumes. Specified Types of Volumes: Backs up volumes of a specific type. You must also configure the Storage parameter. Specified Volumes: Backs up only the volumes specified by a PVC. You must also configure the Persistent Volume Claims parameter.
Storage	This parameter is only available when Backup Type is Data Protection and Backup Volume is Specified Types of Volumes. Specify the types of volumes that you want to back up.
Persistent Volume Claims	This parameter is valid only if Backup Type is set to Data Protection and Backup Volume is set to Specified Volumes. Specify the volumes to be backed up.

Advanced settings

Parameter	Description
Specified Label	The application label. Only applications with this label are backed up. You can specify only one label.
Specified Resources	Specify one or more resource object names, separated by commas (,), such as `deploy, configmap`. This lets you back up only specific resources.
Excluded Resources	Specify one or more resource object names, separated by commas (,), such as `pod, secret`. This excludes the specified resource objects from the backup.
Validity Period	The retention period for backup data, in days. Expired data cannot be restored. The value must be an integer from 1 to 65536.

On the Backup Records tab of the Application Backup page, find the backup record you created. If the Status is Completed, the backup was successful.

You can click Clone in the Actions column for a backup record to quickly create a new backup based on the existing record.

Step 3: Restore applications and volumes

Important

During a restore, only resources that do not already exist in the cluster are created; existing resources are not overwritten. To revert a resource to a previous version, you must first delete the existing resource.

On the Application Backup page, click Restore Instantly.

In the Restore Instantly panel, set the parameters for the restore task and click OK.

Parameter	Description
Name	The name of the restore task. The name can contain only lowercase letters and digits.
Backup Vaults	The vault where the backup file is located. After you select a backup vault, click Initialize to associate the restore cluster with the specified Backup Center. Each backup vault needs to be associated only once. After the vault is initialized, you can select a backup within the vault to restore.
Select Backup	The backup file to restore.
Restore Namespace	Select one or more backed-up namespaces. This restores the applications in the selected namespaces. If you leave this empty, all data from the backup is restored. Note If the backup contains cluster-level resources that need to be restored, leave this parameter empty.
Reset Namespace	To change the namespace of the restored data, click Add, select the source namespace, then specify the new target namespace.
Reset Image Repository	To change the image repository address for the workload's images, click Add. In the left field, enter the source image repository address, and in the right field, enter the new target address. For example: `docker.io/library : registry.cn-hangzhou.aliyuncs.com/xxx` For more information, see FAQ about Backup Center.
StorageClass Conversion	This feature lets you change the `StorageClass` of a PVC for backups that include volumes. For example, if the original volume was a NAS volume and you select an `alicloud-disk` StorageClass, the restored application will use a Cloud Disk with the original data. Important You can only change the StorageClass for data of the FileSystem type (non-Cloud Disk types backed up by Cloud Backup). For volumes with the ReadWriteMany access mode, restoring to a Cloud Disk type is not supported. For volumes with the ReadOnlyMany access mode, if you restore to a Cloud Disk type, you must ensure that your application does not mount the disk to multiple nodes simultaneously to prevent forced detachment.

On the Backup Records tab, find the restore task. After the status of the task changes to Completed, proceed to the next step to verify the result.

Verify the results

Verify that the related applications, Deployments, volumes, and services have started and are accessible.

In the left navigation pane of the cluster management page, choose Workloads > Deployments.
Find the target application and click Details in the Actions column.
On the Pods tab, verify that the application's status is Running.
In the left navigation pane, choose Volumes > Persistent Volume Claims.
On the Persistent Volume Claims page, you can view the restored PVCs.
In the left navigation pane, choose Network > Services.
On the Services page, click the service's external endpoint to verify that it is accessible.

Container Service for Kubernetes:Back up and restore applications in a cluster