You can use the backup center to back up and restore applications in Container Service for Kubernetes (ACK) clusters for disaster recovery.
Limits
When the backup center backs up applications, the resources that are being deleted are not backed up.
Only ACK clusters that run Kubernetes 1.16 or later support the backup center. For more information about how to update the Kubernetes version of an ACK cluster, see Manually upgrade ACK clusters.
By default, Elastic Compute Service (ECS) snapshots are created to back up disks. Only ACK clusters that run Kubernetes 1.18 or later and use CSI support ECS snapshots. If your cluster does not meet the requirement, use Cloud Backup.
Prerequisites
migrate-controller is installed and permissions are granted. For more information, see Install migrate-controller and grant permissions.
To create disk snapshots to back up volumes, you must install CSI 1.1.0 or later. For more information about how to install the CSI plug-in, see Manage the CSI plug-in.
To restore backups to File Storage NAS (NAS) volumes managed by CNFS (by setting StorageClass to alibabacloud-cnfs-nas), you need to create a StorageClass first. For more information, see Use CNFS to manage NAS file systems (recommended).
Billing
The backup center feature is free of charge. However, you may be charged for the following related services when you use the feature:
OSS: An OSS bucket is used to store backup files of the cluster, such as the related YAML files. For more information about the billing of OSS, see Billing overview.
Disk snapshot: Used to back up volumes that use Alibaba Cloud disks. For more information about the billing, see Snapshots.
Note: Starting 11:00 (UTC+8) on October 12, 2023, you are no longer charged storage fees and feature usage fees for the instant access feature. For more information, see Use the instant access feature.
If you use PL0 enhanced SSD (ESSD), PL1 ESSD, PL2 ESSD, PL3 ESSD, or ESSD AutoPL disks, snapshots created during backups have the instant access feature enabled by default.
Cloud Backup: Used to back up data from volume types other than disk volumes. You are charged for storage usage of container backup vaults created at the Cloud Backup side. For more information, see Price Details.
Step 1: Create a backup vault
When you back up applications in an ACK cluster, the backup files are stored in an Object Storage Service (OSS) bucket. If no backup vault is available when you create a backup task, you must perform the operations in Step 1.
You need to create only one backup vault in the region of your ACK clusters. The ACK clusters can share the backup vault.
You cannot update existing backup vaults. Existing backup vaults can only be deleted. If you create a backup vault that has the same name as a deleted backup vault, the backup vault that you create cannot be used by clusters that have used the application backup feature.
Log on to the ACK console. In the left-side navigation pane, choose .
On the Backup Center page, click Create Backup Vault.
In the Create Backup Vault panel, configure parameters and click OK.
Parameter
Description
Vault Name
The name of the backup vault. The name can contain lowercase letters and digits.
OSS Bucket Region
The region where the OSS bucket that you want to use is deployed.
OSS Bucket Name
The name of the OSS bucket.
If you use an ACK managed cluster, you need to create an OSS bucket before you perform this step. The OSS bucket must be named in the cnfs-oss**** format.
OSS Bucket Subdirectory
The subdirectory of the OSS bucket. This parameter is optional.
Visible Scope
The visibility of the backup vault to other users. Valid values:
The backup vault is visible only to Alibaba Cloud accounts and the creator.
The backup vault is visible to Alibaba Cloud accounts and RAM users.
Step 2: Create a backup plan or back up instantly
Create a backup plan: The system periodically creates backup tasks based on the backup cycle until the backup plan is deleted. You can specify a backup cycle to allow the system to create backup tasks at an interval or at a scheduled time of each day, week, or month.
Back up instantly: The system creates a backup task to back up applications at the current time.
After you create a backup plan or choose to back up instantly, a backup task is issued to the ACK cluster. The status of the backup task is displayed on the Backup Records tab.
Create a backup schedule
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. If you use a registered cluster or ACK dedicated cluster, you also need to configure permissions. For more information, see Install migrate-controller and grant permissions.
On the Application Backup page, click Create Backup Plan. In the Create Backup Plan panel, configure parameters and click OK.
Note: The backup plan name can contain lowercase letters and digits. Space characters are not allowed.
You can select multiple namespaces for the backup plan.
You can specify only one backup label.
Disk snapshots are powered by the snapshot technology of Alibaba Cloud. Cloud Backup is a high-performance, secure, cost-efficient, and fully hosted cloud backup and storage service.
You can use a Linux crontab expression to specify a backup cycle or specify a backup interval.
Parameter
Description
Name
The name of the backup plan. This parameter is required.
Backup Vaults
Select the backup vault that you want to use. This parameter is required.
Select Namespace
Include: Back up applications in the namespaces specified in Backup Namespaces. If a specified namespace is deleted, applications in the namespace are not backed up.
Exclude: Back up applications in namespaces other than those specified in Backup Namespaces. Applications in newly created namespaces are also backed up.
Note: The Select Namespace parameter is available only for backup plans. If you choose to back up instantly, only the Include mode is supported.
Backup Namespaces
You can select one or more namespaces. Applications in the selected namespaces are backed up or skipped. This parameter is required.
Note: The kube-system, kube-public, kube-node-lease, and csdr namespaces strongly rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Backup Cycle
Enter a crontab expression. You need to specify a backup cycle only when you create a backup plan. For more information, see How do I specify the backup cycle when creating a backup plan?
Volume Backup
Specify whether to back up data in volumes used by applications.
If you select Enable, ECS snapshots are created or Cloud Backup is used to back up data in volumes.
Disk volumes: By default, ECS snapshots are created to back up disk volumes.
Other types of volumes: Cloud Backup is used.
During the restoration process, data is restored from ECS snapshots or Cloud Backup to new disk volumes.
Important: If you do not enable volume backup and have not excluded persistent volumes (PVs) and persistent volume claims (PVCs) from the backup list, only the YAML files of the PVs and PVCs are backed up. The data stored in volumes is not backed up. The YAML files contain the underlying storage information, such as disk IDs and NAS server information. During the restoration process, PVs and PVCs are restored from the YAML files by creating statically provisioned volumes.
Label
Specify a label. Applications that have this label are backed up.
Specify Resources
Specify one or more resource object names that are separated by commas (,). Example: deploy, configmap. Only the specified Kubernetes resources are backed up.
Excluded Resources
You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example: pod or Secret. The excluded resources are not backed up.
Validity Period
The validity period of backups. Expired backups cannot be restored. Valid values: 1 to 65536. Unit: days.
What to do next
On the Backup Plans tab of the Application Backup page, you can click View Backup Records in the Actions column of a backup plan to view backup records. If the Status column displays Completed, backups are created.
On the Backup Plans tab of the Application Backup page, you can click Edit in the Actions column of a backup plan to modify the backup namespaces and backup cycle.
Back up instantly
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
The system automatically checks whether the backup service component is installed. If not, follow the instructions on the page to install the backup service component. If you use a registered cluster or ACK dedicated cluster, you also need to configure permissions. For more information, see Install migrate-controller and grant permissions.
On the Application Backup page, click Back up Now. In the Back up Now panel, configure parameters and click OK.
Note: The task name can contain lowercase letters and digits. Space characters are not allowed.
You can select one or more namespaces to back up applications.
You can specify only one backup label.
Disk snapshots are powered by the snapshot technology of Alibaba Cloud. Cloud Backup is a high-performance, secure, cost-efficient, and fully hosted cloud backup and storage service.
Parameter
Description
Name
The name of the real-time backup task. This parameter is required.
Backup Vaults
Select the backup vault that you want to use. This parameter is required.
Backup Namespaces
You can select one or more namespaces. Applications in the selected namespaces are backed up or skipped. This parameter is required.
Note: The kube-system, kube-public, kube-node-lease, and csdr namespaces strongly rely on the cluster. The backup and restore feature is not suitable for these namespaces. Therefore, you cannot back up applications in these namespaces.
Volume Backup
Specify whether to back up data in volumes used by applications.
If you select Enable, ECS snapshots are created or Cloud Backup is used to back up data in volumes.
Disk volumes: By default, ECS snapshots are created to back up disk volumes.
Other types of volumes: Cloud Backup is used.
During the restoration process, data is restored from ECS snapshots or Cloud Backup to new disk volumes.
Important: If you do not enable volume backup and have not excluded persistent volumes (PVs) and persistent volume claims (PVCs) from the backup list, only the YAML files of the PVs and PVCs are backed up. The data stored in volumes is not backed up. The YAML files contain the underlying storage information, such as disk IDs and NAS server information. During the restoration process, PVs and PVCs are restored from the YAML files by creating statically provisioned volumes.
Label
Specify a label. Applications that have this label are backed up.
Specify Resources
Specify one or more resource object names that are separated by commas (,). Example: deploy, configmap. Only the specified Kubernetes resources are backed up.
Excluded Resources
You can specify one or more Kubernetes resources that you want to exclude from the backup task and separate them with commas (,). Example: pod or Secret. The excluded resources are not backed up.
Validity Period
The validity period of backups. Expired backups cannot be restored. Valid values: 1 to 65536. Unit: days.
What to do next
On the Backup Plans tab of the Application Backup page, if the Status column of a backup record displays Completed, backups are created.
You can click Clone in the Actions column of a backup record to create a real-time backup task from the backup record.
Step 3: Restore applications and volumes
The system does not overwrite existing resources in the cluster when it restores data. It restores only resources that do not exist in the cluster. If the cluster already contains resources that you want to restore, delete the existing resources before you perform the restoration.
On the Application Backup page, click Restore.
In the Restore panel, configure parameters and click OK.
Parameter
Description
Name
The name of the restore task. The name can contain lowercase letters and digits.
Backup Vaults
Select the backup vault where backup files are stored.
After you select a backup vault, click Initialize Backup Vault to associate the restore cluster with the backup vault. You need to associate a backup vault with a cluster only once. After the backup vault is initialized, you can select a backup file from the backup vault to restore data.
Select Backup
Select a backup file.
Restore Namespace
You can select one or more backup namespaces for restoration. If this parameter is not specified, a full restoration is performed.
Note: If the backup includes cluster-level resources, leave this field empty.
Reset Namespace
If you want to select backup files in other namespaces, click Add, select the namespace to which the backup files belong, and then specify the namespace to which the backup files are restored after the colon (:).
Reset Image Repository
To modify the image repository address used by the backup workload, click Add, enter the image repository address that you want to modify in the left text field, and specify the new image repository address after the colon (:). For example: docker.io/library : registry.cn-hangzhou.aliyuncs.com/xxx.
For more information, see How do I adjust the image used by the application in the backup when I run a restore task?
StorageClass Conversion
The snapshot feature is renamed as StorageClass conversion. This feature can convert the StorageClasses of PVCs in volume backups. For example, your application uses NAS volumes. After you select the alicloud-disk StorageClass, the restored application uses disk volumes.
Important: You can convert only the StorageClasses of volumes of the FileSystem type (volumes other than disk volumes created by Cloud Backup).
For ReadWriteMany volumes, recovery to a disk is not supported. For ReadOnlyMany volumes, when recovering to a disk, ensure that replicas are not simultaneously mounted on multiple nodes to avoid forced disk unmounting.
Verify that the related stateful or stateless application, volumes, and Services can be started and accessed as normal.
In the left-side navigation pane of the restore cluster management page, choose .
Find the application and click Details in the Actions column.
On the Pods tab, confirm that the status of the restored Deployment is Running.
In the left-side navigation pane of the details page, choose .
On the Persistent Volume Claims page, confirm that the PVCs are restored and displayed.
In the left-side navigation pane of the details page, choose .
On the Services page, click the external endpoint of a Service to check whether the Service can be accessed.
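The restore rule in Step 3 (existing resources are never overwritten), combined with the Restore Namespace and Reset Namespace parameters, shown as an added example that is not part of the original page or Alibaba Cloud's own code: a dry-run model that lists which backed-up objects would be skipped because an object with the same identity already exists in the target namespace. Identifying an object by (kind, namespace, name), the function name plan_restore, and the sample data are assumptions made for illustration.

```python
def plan_restore(backup, cluster, restore_namespaces=None, reset_namespace=None):
    """Model the restore rule: objects that already exist are never overwritten.

    backup, cluster: iterables of (kind, namespace, name) tuples. This identity
    is an assumption; real objects also carry an API group.
    restore_namespaces: backup namespaces to restore; empty or None = full restore.
    reset_namespace: {source_namespace: target_namespace} remapping.
    Returns (to_create, skipped) as sorted lists of target identities.
    """
    selected = set(restore_namespaces or ())
    remap = dict(reset_namespace or {})
    existing = set(cluster)
    to_create, skipped = [], []
    for kind, ns, name in sorted(backup):
        if selected and ns not in selected:
            continue  # namespace not chosen in "Restore Namespace"
        target = (kind, remap.get(ns, ns), name)
        if target in existing:
            skipped.append(target)  # stays as it is in the cluster
        else:
            to_create.append(target)
            # Assumption: two sources remapped onto one target collide too.
            existing.add(target)
    return sorted(to_create), sorted(skipped)


# Constructed sample data, not taken from a real backup or cluster.
BACKUP = [
    ("Deployment", "shop", "web"),
    ("Secret", "shop", "db-credentials"),
    ("ConfigMap", "shop", "web-config"),
    ("Deployment", "batch", "worker"),
]
CLUSTER = [
    ("Secret", "shop-restore", "db-credentials"),  # stale copy in the target
    ("Deployment", "batch", "worker"),
]


def demo():
    # Restore only "shop", remapped to "shop-restore" (Reset Namespace).
    return plan_restore(BACKUP, CLUSTER, {"shop"}, {"shop": "shop-restore"})


if __name__ == "__main__":
    create, skip = demo()
    for obj in skip:
        print("exists, will NOT be restored (delete it first):", obj)
    for obj in create:
        print("will be restored:", obj)
```

In the constructed sample, the Secret already present in the target namespace is the object that keeps its current contents after the restore, so it is the one to review and delete beforehand if the backed-up version is wanted.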
References
For more information about how to migrate applications across clusters that use different volume plug-ins or run different Kubernetes versions, see Use the backup center to migrate applications in an ACK cluster that runs an old Kubernetes version.
For more information about how to migrate applications across clusters in the same region, see Migrate applications across clusters in the same region.
For more information about how to migrate applications across regions, see Migrate applications across clusters in different regions.
For more information about how to use kubectl to migrate applications, see Use kubectl to back up and restore applications.