You can use Command Line Interface (CLI) of Terraform to deploy custom resources (CRs) for backup vaults, application backup, and application restoration in backup clusters and restoration clusters to migrate applications across clusters.
Prerequisites
A Container Service for Kubernetes (ACK) cluster that runs Kubernetes 1.18 or later is created. For more information, see Create an ACK managed cluster.
migrate-controller is installed and permissions are granted. For more information, see Install migrate-controller and grant permissions. You can also use Terraform to install components. For more information, see Use Terraform to manage add-ons.
An Object Storage Service (OSS) bucket named in the
cnfs-oss-*format is created to store backups. For more information, see Use Terraform to manage OSS and alicloud_oss_bucket.Elastic Compute Service (ECS) snapshots and Cloud Backup are available if you want to use volumes for backup. For more information, see the Activate OSS section of the "Get started by using the OSS cobsole" topic, Activate ECS Snapshot, and Activate Cloud Backup.
Usage notes
Do not run the
deletecommand by using kubectl to delete backup and restoration tasks. Otherwise, related cloud resources may fail to be completely deleted. For more information about how to delete backups, see the Step 5: Delete resources from the backup center section of this topic.Pay close attention to the new releases of the backup center component named migrate-controller and update the component to the latest version at your earliest convenience. For more information, see Manage components.
Do not delete the parameters in the following sample code in case the backup files cannot be restored.
Step 1: Associate clusters
You can use the Kubernetes provider to associate clusters. For more information about the Kubernetes provider, see Kubernetes Provider.
In this example, a KubeConfig file is used to describe how to associate a cluster.
Create a Terraform directory.
Create a configuration file named csdr.tf in the Terraform directory and copy the following content to the configuration file to associate it with the KubeConfig file.
provider "kubernetes" { config_path = "~/.kube/config" }Run the following command to initialize the runtime environment for Terraform:
terraform initThe following output is returned, which indicates that Terraform is initialized.
Step 2: Create a backup vault
Add the following content to the csdr.tf configuration file and modify the content based on your business requirements.
resource "kubernetes_manifest" "backuplocation-demo" { manifest = { apiVersion = "csdr.alibabacloud.com/v1beta1" kind = "BackupLocation" metadata = { name = "<yourBackuplocationName>" namespace = "csdr" } spec = { backupSyncPeriod = "0s" config = { network = "internal" region = "cn-beijing" } objectStorage = { bucket = "<cnfs-oss-yourBucketName>" prefix = "<subDir>" } provider = "alibabacloud" } } wait { fields = { "status.phase" = "Available" } } timeouts { create = "10m" } }Parameter
Required
Description
name
Yes
The name of the backup vault. The name must comply with the Kubernetes naming convention.
network
Yes
The network mode that is used to access the specified Object Storage Service (OSS) bucket. Valid values:
internal: internal mode. All associated clusters must be deployed in the same region as the OSS bucket.
public: public mode. This mode does not have region limits.
region
Yes
The region where the OSS bucket resides.
bucket
Yes
The name of the OSS bucket. Make sure that the OSS bucket name exists and starts with cnfs-oss-.
prefix
No
The subdirectory in the OSS bucket. If you specify this parameter, backups are stored in the specified subdirectory.
Run the following command to create a resource planning:
terraform planThe following output is returned, which indicates that the resource planning is created.
Run the following command to create a backup vault:
terraform applyThe following output is returned, which indicates that the backup vault is created.
kubernetes_manifest.backuplocation-demo: Creating... kubernetes_manifest.backuplocation-demo: Creation complete after 1s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Step 3: Create a backup task
Create an instant backup task
Add the following content to the csdr.tf configuration file and modify the content based on your business requirements.
resource "kubernetes_manifest" "applicationbackup-demo" { manifest = { apiVersion = "csdr.alibabacloud.com/v1beta1" kind = "ApplicationBackup" metadata = { name = "<yourApplicationBackupName>" namespace = "csdr" annotations = { "csdr.alibabacloud.com/backuplocations" = "{\"name\":\"<yourBackuplocationName>\",\"region\":\"cn-beijing\",\"bucket\":\"<cnfs-oss-yourBucketName>\",\"prefix\":\"<subDir>\",\"provider\":\"alibabacloud\"}" } spec = { includedNamespaces = ["default","default1"] includedResources = ["statefulset"] excludedResources = ["excludedResources"] labelSelector = { matchLabels = { "app" = "mysql-sts" } } pvBackup = { defaultPvBackup = "false" } storageLocation = "<yourBackuplocationName>" ttl = "720h0m0s" includeClusterResources = "false" } } # If the value of the status.phase parameter changes to Completed, the backup is successful. # The backup duration depends on the number of applications in the cluster and the amount of data stored in the volumes. #wait { # fields = { # "status.phase" = "Completed" # } #} #timeouts { # create = "60m" #} } }Parameter
Required
Description
csdr.alibabacloud.com/backuplocations
Yes
The backup vault that stores the backups. Make sure that the information is the same as the configuration of the backup vault.
name
Yes
The name of the real-time backup task.
includedNamespaces
Yes
The name of the namespace.
includedResources
No
The type of cluster resource to be included in the backup list.
ImportantTo ensure that backups are created as expected, specify only one of the following parameters: includedResources and excludedResources. If you leave both parameters empty, all resource types are backed up.
excludedResources
No
The type of cluster resource to be excluded from the backup list.
ImportantTo ensure that backups are created as expected, specify only one of the following parameters: includedResources and excludedResources. If you leave both parameters empty, all resource types are backed up.
matchLabels
No
The labels of the resources to be backed up.
includeClusterResources
No
Specify whether to back up all cluster-level resources, such as StorageClasses, CustomResourceDefinitions (CRDs), and webhooks.
true: back up all cluster-level resources.false: back up only cluster-level resources used by namespace-level resources in the specified namespaces. For example, when the system backs up a pod, the service account used by the pod is assigned a cluster role. In this case, the cluster role is automatically backed up. When the system backs up a CustomResource (CR), the corresponding CRD is backed up.
NoteBy default,
IncludeClusterResourcesis set tofalsefor backup tasks created in the ACK console.defaultPvBackup
Specifies whether to back up volumes. Valid values:
true: backs up applications and volumes.
false: backs up only applications.
storageLocation
Yes
The name of the backup vault.
NoteIf your ACK cluster uses Velero, join DingTalk group 35532895 to request technical support.
ttl
Yes
The validity period of backups. You cannot restore data from expired backups. Specify the time period in the 720h0m0s format. Valid values: 24h0m0s to 1572864h0m0s.
Run the following command to create a resource planning:
terraform planThe following output is returned, which indicates that the resource planning is created.
Run the following command to create an instant backup task.
terraform applyThe following output is returned, which indicates that the instant backup task is created.
kubernetes_manifest.applicationbackup-demo: Creating... kubernetes_manifest.applicationbackup-demo: Creation complete after 1s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Create a scheduled backup task
Add the following content to the csdr.tf configuration file and modify the content based on your business requirements.
Parameter
Required
Description
csdr.alibabacloud.com/backuplocations
Yes
The backup vault that stores the backups. Make sure that the information is the same as the configuration of the backup vault.
name
Yes
The name of the scheduled backup task.
schedule
Yes
The backup cycle specified by a cron expression.
includedNamespaces
Yes
The name of the namespace.
includedResources
No
The type of cluster resource to be included in the backup list.
ImportantTo ensure that backups are created as expected, specify only one of the following parameters: includedResources and excludedResources. If you leave both parameters empty, all resource types are backed up.
excludedResources
No
The type of cluster resource to be excluded from the backup list.
ImportantTo ensure that backups are created as expected, specify only one of the following parameters: includedResources and excludedResources. If you leave both parameters empty, all resource types are backed up.
matchLabels
No
The labels of the resources to be backed up.
includeClusterResources
No
Specify whether to back up all cluster-level resources, such as StorageClasses, CustomResourceDefinitions (CRDs), and webhooks.
true: back up all cluster-level resources.false: back up only cluster-level resources used by namespace-level resources in the specified namespaces. For example, when the system backs up a pod, the service account used by the pod is assigned a cluster role. In this case, the cluster role is automatically backed up. When the system backs up a CustomResource (CR), the corresponding CRD is backed up.
NoteBy default,
IncludeClusterResourcesis set tofalsefor backup tasks created in the ACK console.defaultPvBackup
Yes
Specifies whether to back up volumes. Valid values:
true: backs up applications and volumes.
false: backs up only applications.
storageLocation
Yes
The name of the backup vault.
NoteIf your ACK cluster uses Velero, join DingTalk group 35532895 to request technical support.
ttl
Yes
The validity period of backups. You cannot restore data from expired backups. Specify the time period in the 720h0m0s format. Valid values: 24h0m0s to 1572864h0m0s.
Run the following command to create a resource planning:
terraform planThe following output is returned, which indicates that the resource planning is created.
Run the following command to create a scheduled backup task:
terraform applyThe following output is returned, which indicates that the scheduled backup task is created.
kubernetes_manifest.backupschedule-demo: Creating... kubernetes_manifest.backupschedule-demo: Creation complete after 1s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Related operations
Search for backups based on the scheduled backup task.
Use
labelSelectorto find the backups created by the scheduled backup task.data "kubernetes_resources" "list-applicationbackup" { api_version = "csdr.alibabacloud.com/v1beta1" kind = "ApplicationBackup" namespace = "csdr" label_selector = "csdr/schedule-name=terraform-schedule-test" } # Return the output. output "applicationbackup-name" { value = data.kubernetes_resources.list-applicationbackup.objects }Modify the scheduled backup task.
Set the
spec.pausedparameter totrueto pause the scheduled backup task, and then modify other parameters in thespecparameter such asspec.schedulethat defines the backup behavior in the backup task based on your business requirements. Sample code:resource "kubernetes_manifest" "backupschedule-demo" { manifest = { apiVersion = "csdr.alibabacloud.com/v1beta1" kind = "BackupSchedule" metadata = { name = "<yourBackcupscheduleName>" namespace = "csdr" annotations = { "csdr.alibabacloud.com/backuplocations" = "{\"name\":\"<yourBackuplocationName>\",\"region\":\"cn-beijing\",\"bucket\":\"<cnfs-oss-yourBucketName>\",\"prefix\":\"<subDir>\",\"provider\":\"alibabacloud\"}" } } spec = { Pause the backup task. paused = "true" # Modify the backup cycle of the backup task. schedule = "0 5 * * *" template = { includedNamespaces = ["default","default1"] includedResources = ["statefulset"] excludedResources = ["excludedResources"] labelSelector = { matchLabels = { "app" = "mysql-sts" } } pvBackup = { defaultPvBackup = "false" } storageLocation = "vault-a" ttl = "720h0m0s" includeClusterResources = "false" } } } wait { fields = { # After the backup task is paused, the state of the backup task changes to Paused as expected. "status.phase" = "Paused" } } timeouts { create = "10m" } }Run the following command to create a resource planning:
terraform planThe following output is returned, which indicates that the resource planning is created.
kubernetes_manifest.backupschedule-demo: Refreshing state... Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # kubernetes_manifest.backupschedule-demo will be updated in-place ~ resource "kubernetes_manifest" "backupschedule-demo" { ~ manifest = { ~ spec = { ~ paused = "false" -> "true" ~ schedule = "1 4 * * *" -> "0 5 * * *" # (1 unchanged attribute hidden) } # (3 unchanged attributes hidden) } ~ object = { ~ spec = { ~ paused = false -> true ~ schedule = "1 4 * * *" -> "0 5 * * *" # (2 unchanged attributes hidden) } # (3 unchanged attributes hidden) } ~ wait { ~ fields = { ~ "status.phase" = "Enabled" -> "Paused" } } # (1 unchanged block hidden) } Plan: 0 to add, 1 to change, 0 to destroy.Run the following command to apply the modified scheduled backup task:
terraform applyThe following output is returned, which indicates that the scheduled backup task is modified.
kubernetes_manifest.backupschedule-demo: Modifying... kubernetes_manifest.backupschedule-demo: Modifications complete after 1s Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Step 4: Create a restoration task
Add the following content to the csdr.tf configuration file and modify the content based on your business requirements.
resource "kubernetes_manifest" "applicationrestore-demo" { manifest = { apiVersion = "csdr.alibabacloud.com/v1beta1" kind = "ApplicationRestore" metadata = { name = "<yourApplicationRestoreName>" namespace = "csdr" annotations = { "csdr.alibabacloud.com/backuplocations" = "{\"name\":\"<yourBackuplocationName>\",\"region\":\"cn-beijing\",\"bucket\":\"<cnfs-oss-yourBucketName>\",\"prefix\":\"<subDir>\",\"provider\":\"alibabacloud\"}" } } spec = { appRestoreOnly = "false" preserveNodePorts = "true" includedNamespaces = ["default","default1"] includedResources = ["statefulset"] excludedResources = ["excludedResources"] convertedarg = [ { convertToStorageClassType = "alicloud-disk-topology-alltype" namespace = "default" persistentVolumeClaim = "pvc-nas" }, { convertToStorageClassType = "alicloud-disk-topology-alltype" namespace = "default1" persistentVolumeClaim = "pvc-oss" } ] backupName = "<yourApplicationBackupName>" namespaceMapping = { "<backupNamespace>" = "<restoreNamespace>" } } } # If the value of the status.phase parameter changes to Completed, the restoration task is successful. # The restoration duration depends on the number of applications in the cluster and the amount of data stored in the volumes. #wait { # fields = { # "status.phase" = "Completed" # } #} #timeouts { # create = "60m" #} }Parameter
Required
Description
csdr.alibabacloud.com/backuplocations
Yes
The backup vault that stores the backups. Make sure that the information is the same as the configuration of the backup vault.
name
Yes
The name of the restore task.
appRestoreOnly
No
Specifies whether to restore only applications from backups that contain volume data. Persistent volume claims (PVCs), persistent volumes (PVs), and the relevant data are not restored. Valid values:
true: restores only applications. If you want to change the data source where you back up applications, you need to manually create a PVC and PV, create a restore task, and then set this parameter to true.
false: restores applications and the relevant volume data. Default value: false.
preserveNodePorts
No
Specifies whether to retain the NodePort of the application. If the backup cluster and restore cluster use the same NodePort, set this parameter to false to change the NodePort to a random port. In other scenarios, set the parameter to true.
includedNamespaces
Yes
The name of the namespace to be restored. If you leave this parameter empty, all namespaces that have been backed up are restored.
includedResources
No
The type of cluster resource to be included in the restore list.
ImportantTo ensure that backups are created as expected, specify only one of the following parameters: includedResources and excludedResources. If you leave both parameters empty, all resource types are backed up.
excludedResources
No
The type of cluster resource to be excluded from the restore list.
ImportantTo ensure that backups are created as expected, specify only one of the following parameters: includedResources and excludedResources. If you leave both parameters empty, all resource types are backed up.
backupName
Yes
The name of the backup to be restored. If you use the scheduled backup feature, you need to specify the name of a backup that is created at a point in time. Example: <yourBackupScheduleName>-20221205225845.
namespaceMapping
No
This parameter maps the namespace in the backup cluster to a namespace in the restore cluster. Valid values:
<backupNamespace>: the namespace of the backups in the backup cluster.
<restoreNamespace>: the namespace to which resources are restored in the restore cluster. If you do not specify this parameter, the resources are restored to a namespace that uses the same name as the namespace in the backup cluster.
NoteIf <restoreNamespace> does not exist, the system automatically creates one.
convertedarg
No
The StorageClass conversion list. For volumes of the FileSystem type, such as OSS, NAS, CPFS, and local volumes, you can configure this parameter to convert the StorageClasses of their PVCs to the specified StorageClass during the restoration process. For example, you can convert NAS volumes to disk volumes.
convertToStorageClassType: the desired StorageClass. Make sure that the StorageClass exists in the current cluster. You can specify only the disk or NAS StorageClass.
namespace: the namespace of the PVC.
persistentVolumeClaim: the name of the PVC.
You can run the
kubectl -ncsdr describe <backup-name>command to query the PVC information of a backup. In the returnedstatus.resourceList.dataResource.pvcBackupInfolist, the dataType field displays the data type of the PVC, which can be FileSystem or Snapshot. The nameSpace and pvcName fields display the namespace and name of the PVC.ImportantFor ReadWriteMany volumes, restore to disk is not supported. For ReadOnlyMany volumes, when you restore to disk, ensure that replicas are not simultaneously mounted on multiple nodes to avoid forced disk detachment.
Run the following command to create a resource planning:
terraform planThe following output is returned, which indicates that the resource planning is created.
Run the following command to create a restoration task.
terraform applyThe following output is returned, which indicates that the restoration task is created.
kubernetes_manifest.applicationbackup-demo: Creating... kubernetes_manifest.applicationrestore-demo: Creation complete after 1s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Step 5: Delete resources from the backup center
Other clusters may also use the backup vault that you created. Therefore, the backup center does not allow you to delete the BackupLocation object.
Delete the scheduled backup task
You can run the terraform destroy command to delete the BackupSchedule resource to stop the scheduled backup task.
Delete the backup task or restoration task
Add the following content to the csdr.tf configuration file and modify the content based on your business requirements.
resource "kubernetes_manifest" "deleterequest-demo" { manifest = { apiVersion = "csdr.alibabacloud.com/v1beta1" kind = "DeleteRequest" metadata = { name = "<objectName-dbr>" namespace = "csdr" } spec = { deleteObjectName = "<objectName>" deleteObjectType = "Backup" } } }Parameter
Required
Description
name
Yes
The name of the deletion request.
To delete a backup task, specify the request name in the following format: ApplicationBackup name of the backup task+"-dbr".
To delete a restore task, specify the request name in the following format: ApplicationRestore name of the restore task+"-dbr".
deleteObjectName
Yes
The name of the resource to be deleted.
deleteObjectType
Yes
The type of resource to be deleted. Valid values:
"Backup": deletes the ApplicationBackup object and relevant resources of the backup task.
"Restore": deletes the ApplicationRestore object and relevant resources of the restore task.
NoteDeleting backup tasks does not affect the backups that are created in the cluster.
Deleting restore tasks does not affect the data that is restored.
Run the following command to create a resource planning:
terraform planThe following output is returned, which indicates that the resource planning is created.
Run the following command to delete resources:
terraform applyThe following output is returned, which indicates that a
deleterequestresource is created to delete resources.kubernetes_manifest.deleterequest-demo: Creating... kubernetes_manifest.deleterequest-demo: Creation complete after 0s Apply complete! Resources: 1 added, 0 changed, 0 destroyed.NoteAfter the system deletes the corresponding backup or restoration task based on the
deleterequestresource, thedeleterequestresource is also deleted.
References
For more information about how to use kubectl to back up and restore applications, see Use kubectl to back up and restore applications.
If you want to back up and restore applications in the ACK console, see the following topics: