How to migrate applications from a Kubernetes cluster on a third-party cloud platform to an ACK cluster - Container Service for Kubernetes

After you connect a Kubernetes cluster on a third-party cloud platform to a registered cluster, you can use the backup center to back up applications and data in the Kubernetes cluster. Then, you can restore the applications and data in a Container Service for Kubernetes (ACK) cluster. This allows you to migrate applications across cloud platforms. This topic describes how to use the backup center to migrate applications from an external Kubernetes cluster to an ACK cluster.

Prerequisites

A registered cluster is created and connected to a Kubernetes cluster on a third-party cloud platform. The version of the Kubernetes cluster is later than 1.16. For more information, see Use onectl to create a registered cluster and Create a registered cluster in the ACK console.
An ACK cluster that is used to restore applications is deployed in the same region as the registered cluster, and the Kubernetes version of the cluster is 1.18 or later. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.
Important
- The restore cluster must use the Container Storage Interface (CSI) plug-in. Application restoration is not supported in clusters that use FlexVolume or use csi-compatible-controller and FlexVolume.
- The backup center is used to back up and restore applications. Before you run a restore task, you must install and configure system components in the restore cluster. Example:
  - aliyun-acr-credential-helper: You need to grant permissions to the restore cluster and configure acr-configuration.
  - alb-ingress-controller: You need to configure an ALBConfig.
The cluster backup feature is enabled for the registered cluster and the ACK cluster that you created. For more information, see Install migrate-controller and grant permissions.
A route is configured that points to the internal network of the region in which the Object Storage Service (OSS) bucket for the registered cluster resides if the cluster is connected to a virtual private cloud (VPC) by using Cloud Enterprise Network (CEN), Express Connect, or VPN connections. For more information, see Internal OSS endpoints and VIP ranges.
Cloud Backup is activated. For more information, see Cloud Backup.

Scenarios

Cloud Backup for disaster recovery: You need to back up data, restore backup files, and migrate applications and data to the cloud.

Usage notes

When you back up local volumes, you can create persistent volumes and persistent volume claims (PVCs) to mount the local volumes.
When you back up object storage, file storage, or block storage provided by third-party service providers, you need to use the CSI plug-in to mount the volumes with PVs and PVCs.
The registered cluster, ACK cluster, and Object Storage Service (OSS) bucket must be deployed in the same region.
To ensure the consistency of application data, suspend write operations for your businesses until the backup is complete.

Preparations

In this topic, a MySQL application is used as an example. After an application is deployed in the external Kubernetes cluster, connect the cluster to your registered cluster. Then, create and run a backup task in the registered cluster to back up the application and restore the application in an ACK cluster. Before you migrate the application, make sure that the following requirements are met.

Registered cluster:
A Resource Access Management (RAM) user is created and granted OSS and Cloud Backup permissions. A Secret named alibaba-addon-secret is created in the csdr namespace of the registered cluster and stores the AccessKey ID and AccessKey secret of the RAM user. Run the following command to check whether the alibaba-addon-secret Secret exists:
```
kubectl get secret alibaba-addon-secret -n csdr
```
Expected output:
```
alibaba-addon-secret   Opaque   2      5d22h
```
ACK cluster:
- If you use an ACK managed cluster, make sure that Cloud Backup is activated and an OSS bucket named cnfs-oss-**** is created.
- If you use an ACK dedicated cluster, make sure that the worker RAM role has OSS and Cloud Backup permissions. For more information, see Install migrate-controller and grant permissions.

Step 1: Deploy an application in the external Kubernetes cluster

In this example, a MySQL application named mysql-sts is deployed in the external Kubernetes cluster. The application uses a PVC named mysql-pvc and a PV named mysql-pv. The mysql-pv PV mounts the /mnt path.

Run the following command to create a namespace named test1:
```
kubectl create namespace test1
```
Use the CSI plug-in to mount the volume of the MySQL application with a PV and PVC. For more information, refer to the CSI documentation provided by the third-party cloud service provider. If the Kubernetes cluster does not support CSI, connect it to a registered cluster and use the CSI plug-in provided by Alibaba Cloud. For more information, see Storage - CSI.
Run the following command to check whether the MySQL application is deployed:
```
kubectl -n test1 get pod| grep mysql-sts
```
Expected output:
```
mysql-sts-0   1/1     Running   0         1m02s
```
Run the following command to confirm the configuration of the volume:
```
kubectl -n test1 get pv mysql-pv -oyaml 
```
Expected output:
```
  csi:
    driver: ****
    volumeAttributes:
      xxxx: xxxx
      xxxx: xxxx
    volumeHandle: mysql-pv
```
The output indicates that the volume configuration contains the CSI fields.
Run the following command to log on to the MySQL container:
```
kubectl -n test1 exec -it mysql-sts-0 -- /bin/bash
```
Run the following command in the container to create test files for backup:
```
cd /mnt && touch test && ls
```
Expected output:
```
test
```

Step 2: Back up the MySQL application and data in the registered cluster

After the Kubernetes cluster is connected to the registered cluster, you can run backup tasks in the registered cluster. To do this, perform the following steps:

(Optional) Create a backup vault if no backup vault exists within the current account. For more information, see Create a backup vault.
Create a real-time backup task named mysql-backup in the registered cluster. The following table describes some of the parameters. For more information, see Create a backup task.
Parameter
Example
Name
Enter mysql-backup.
Backup Vaults
Select the backup vault that you created in the preceding step.
Backup Namespaces
Select test1.
Volume Backup
Select Volume Backup to back up data.
Click the Backup Records tab on the Application Backup page. After the status of the mysql-backup task changes from InProgress to Completed, the application and data are backed up.

Step 3: Associate the backup vault with an ACK cluster

If you use a newly created backup vault or the backup vault is not associated with the restore cluster, you need to set up an association first.

On the Application Backup page, click Restore.
In the Restore panel, specify Name and Backup Vaults, and then click Initialize Backup Vault on the right side to associate the backup vault with the restore cluster.
Each backup vault can be associated only once. After the backup vault is initialized, backup tasks in the registered cluster are automatically synchronized to the ACK cluster.
After the initialization is complete, select a restore task in the backup vault and click OK.
On the Backup Records tab, wait for the system to add the mysql-backup backup task to the list.

Step 4: Restore the MySQL application and data in the ACK cluster

In this topic, the StorageClass of the volume used by the application is converted to alibabacloud-cnfs-nas to demonstrate how to restore the application in an ACK cluster.

During application restoration, a dynamically provisioned PV that uses the alibabacloud-cnfs-nas StorageClass is mounted to the MySQL application and data is restored in the PV. To do this, perform the following steps.

Create a restore task named mysql-restore and deploy the MySQL application in the test2 namespace of the ACK cluster. The following table describes some of the parameters. For more information, see Restore applications and volumes.

Parameter	Example
Name	Enter mysql-restore.
Backup Vaults	Select the backup vault that you created.
Select Backup	Select mysql-backup.
Reset Namespace	The namespace changes from test1 to test2.
StorageClass Conversion	Select the alibabacloud-cnfs-nas StorageClass for the mysql-pvc PVC in the list.

Click View Restoration Records on the right side of Restore. After the status of the mysql-restore task changes from InProgress to Completed, the application and data are restored.
Run the following command in the ACK cluster to check whether the MySQL application is deployed:
```
kubectl -n test2 get pod | grep mysql-sts
```
Expected output:
```
mysql-sts-0   1/1     Running   0          4s
```
Run the following command in the ACK cluster to check whether data is restored.
1. Run the following command to check whether the StorageClass of the PVC is changed to alibaba-cnfs-nas:
```
kubectl -n test2 get pvc | grep mysql-pvc
```
  Expected output:
```
mysql-pvc   Bound    nas-****   25Gi       RWO            alibabacloud-cnfs-nas   3m24s
```
2. Run the following command to check whether the mysql-pvc PVC is mounted to the MySQL application:
```
kubectl -n test2 describe pvc mysql-pvc | grep "Used By"
```
  Expected output:
```
Used By:       mysql-sts-0
```
3. Confirm that the test data is restored. Run the following command to log on to the MySQL container:
```
kubectl -n test2 exec -it mysql-sts-0 -- /bin/bash
```
4. Run the following command to query the test data in the MySQL container:
```
cd /mnt && ls
```
  Expected output:
```
test
```
  The output indicates that the test data is restored.