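Preface:
Do Kubernetes clusters need disaster recovery? Does Kubernetes need migration? The answer is definitely yes.
So how do you do Kubernetes disaster recovery and migration? There are many approaches, for example writing your own shell scripts or using a dedicated disaster-recovery tool. Shell scripts are complex to write and can miss things. Among dedicated Kubernetes backup products, many have demanding backup prerequisites, are hard to install and deploy, or only support all-or-nothing restores, meaning backup and restore are not very flexible. Kasten K10, for example, is fairly troublesome to deploy (too heavyweight), and its backups do not seem to work all that well either.
Velero is a fairly good backup tool. Its advantages: deployment is simple and quick; the backup scope is customizable, for example backing up only resources such as Deployments or only a particular namespace, so the scope is flexible and controllable; restores are fast; and for Kubernetes cluster migration it has essentially no drawbacks. The one area that is less certain is security, because Velero backs up mainly through object-storage plugins, typically OBS, OSS or MinIO, and the security of these object stores cannot be definitively guaranteed. Importantly, the software is written in Go, so it is a natural fit for cloud-native systems such as Kubernetes.
The rest of this article introduces the deployment and basic usage of Velero.
1. Example environment
VMware virtual machines, four servers, with IP addresses 192.168.123.11, 192.168.123.12, 192.168.123.13 and 192.168.123.14. The operating system is CentOS 7.5 with kernel version 3.10. The Kubernetes cluster was deployed with KubeKey, version 1.23.16, with three master nodes and one worker node:
Environment details: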
```bash
[root@node4 nginx-app]# k get no
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane,master 160d v1.23.16
node2 Ready control-plane,master 160d v1.23.16
node3 Ready control-plane,master 160d v1.23.16
node4 Ready worker 160d v1.23.16
[root@node4 nginx-app]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@node4 nginx-app]# uname -a
Linux node4 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@node4 nginx-app]# k top no
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
node1 162m 4% 3131Mi 96%
node2 136m 3% 2958Mi 90%
node3 132m 3% 3047Mi 93%
node4 104m 2% 1609Mi 49%
[root@node4 nginx-app]# k get po -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-84897d7cdf-crnmk 1/1 Running 1 (15h ago) 18h 10.244.32.17 node2 <none> <none>
kube-system calico-node-2m7hp 1/1 Running 15 (13d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system calico-node-5ztjk 1/1 Running 8 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system calico-node-96dmb 1/1 Running 9 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system calico-node-rqp2p 1/1 Running 213 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system coredns-b7c47bcdc-6vdk2 1/1 Running 0 39d 10.244.26.10 node1 <none> <none>
kube-system coredns-b7c47bcdc-db9cp 1/1 Running 1 (15h ago) 18h 10.244.32.18 node2 <none> <none>
kube-system haproxy-node4 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system kube-apiserver-node1 1/1 Running 161 (104d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-apiserver-node2 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-apiserver-node3 1/1 Running 7 (42h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-controller-manager-node1 1/1 Running 12 (43h ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-controller-manager-node2 1/1 Running 11 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-controller-manager-node3 1/1 Running 14 (9h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-proxy-649mn 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system kube-proxy-7q7ts 1/1 Running 6 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-proxy-dmd7v 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-proxy-fpb6z 1/1 Running 5 (104d ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-scheduler-node1 1/1 Running 15 (2d20h ago) 160d 192.168.123.11 node1 <none> <none>
kube-system kube-scheduler-node2 1/1 Running 12 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system kube-scheduler-node3 1/1 Running 12 (42h ago) 160d 192.168.123.13 node3 <none> <none>
kube-system kube-state-metrics-57794dcf65-rl967 1/1 Running 0 4h38m 10.244.41.62 node4 <none> <none>
kube-system metrics-server-5fcc7b68b7-wsrk7 1/1 Running 2 (4h38m ago) 4h38m 10.244.41.63 node4 <none> <none>
kube-system nodelocaldns-565pz 1/1 Running 8 (15h ago) 160d 192.168.123.12 node2 <none> <none>
kube-system nodelocaldns-dpwlx 1/1 Running 6 (39d ago) 160d 192.168.123.13 node3 <none> <none>
kube-system nodelocaldns-ndlbw 1/1 Running 5 (18h ago) 160d 192.168.123.14 node4 <none> <none>
kube-system nodelocaldns-r8gjl 1/1 Running 5 (104d ago) 160d 192.168.123.11 node1 <none> <none>
velero nginx-6888c79454-rhgdw 1/1 Running 0 4h8m 10.244.41.67 node4 <none> <none>
velero restic-2wkqs 1/1 Running 0 4h8m 10.244.32.21 node2 <none> <none>
velero restic-kw2wl 1/1 Running 0 4h8m 10.244.26.13 node1 <none> <none>
velero restic-qv6rn 1/1 Running 0 4h8m 10.244.28.10 node3 <none> <none>
velero restic-ssfrg 1/1 Running 0 4h8m 10.244.41.65 node4 <none> <none>
velero velero-fbb9469f6-vf4z5 1/1 Running 0 4h8m 10.244.41.64 node4 <none> <none>
```
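2. Velero's hard dependency
As mentioned above, Velero needs an object-storage plugin or service. This can be any common object store such as OSS, OBS or MinIO. Since this example is an experiment, it does not use a mainstream cloud vendor's OSS, and deploying OSS ourselves is obviously not realistic, but MinIO is doable. I wrote up the deployment of a distributed MinIO cluster a couple of days ago, so I will not repeat it here; see my blog post:
Cloud native | Object storage | Building and getting started with a distributed MinIO cluster (usable in production) - CSDN blog
3. Downloading and deploying Velero
Download: https://github.com/vmware-tanzu/velero/releases?page=4
This example uses velero-v1.9.4-linux-amd64.tar.gz.
Deployment:
After extracting the archive, drop the binary into /usr/bin/ and confirm the version. It is best placed on a management node of the Kubernetes cluster, because Velero uses KUBECONFIG to obtain the information it needs for backups: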
```bash
[root@node4 nginx-app]# velero version
Client:
        Version: v1.9.4
        Git commit: ddfc962282783cf2f0bf364c9d721f88fa4cc058
Server:
        Version: v1.9.4
```
Like kubectl, this command supports shell auto-completion. Setting it up on Linux is very simple, provided bash-completion is installed:
```bash
velero completion bash >/etc/bash_completion.d/velero
```
If you have an alias for velero, you can extend shell completion to work with that alias (to shorten the command and keep auto-completion, run the following):
```bash
echo 'alias v=velero' >>~/.bashrc
echo 'complete -F __start_velero v' >>~/.bashrc
```
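Next, generate the deployment manifest with the install command. Installing directly is generally not recommended; keeping an installation file makes it easy to adjust things later (use --dry-run and output as YAML):
The MinIO console user and password: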
```bash
[root@node4 ~]# cat credentials-velero
[default]
aws_access_key_id=minioadmin
aws_secret_access_key=minioadmin
```
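Note that the Kubernetes cluster version must be 1.16 or later. If you are using MinIO, the command below does not need to be changed; fill in s3Url according to your environment. Log in to the MinIO web console and create a bucket named velero.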
```bash
velero install --use-restic \
  --provider aws \
  --plugins velero/velero-plugin-for-aws:v1.5.0 \
  --bucket velero \
  --secret-file /root/credentials-velero \
  --use-volume-snapshots=false \
  --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.123.11:39111 \
  --dry-run -o yaml > velero.yaml
```
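The install command above takes two security-relevant inputs: the credentials file and the `s3Url` inside `--backup-location-config`. The script below is an added example (not from the original post or the Velero project) that audits both before `velero install` is run; the function names, finding labels, the replacement key values and the `https://minio.example.internal:9000` endpoint are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit the two inputs the article passes to `velero install`
# (the credentials file and the s3Url). Function names and finding labels
# are hypothetical; nothing here is part of Velero itself.

# Read the first value of KEY from an AWS-style credentials file.
ini_get() {  # ini_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr -d '\r' | head -n 1
}

# Pull one key out of a --backup-location-config string (k1=v1,k2=v2,...).
config_get() {  # config_get CONFIG KEY
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# Print one finding per line for the credentials file; nothing when clean.
audit_credentials() {  # audit_credentials FILE
    file=$1
    if [ ! -r "$file" ]; then
        echo "UNREADABLE: cannot read $file"
        return 0
    fi
    key_id=$(ini_get "$file" aws_access_key_id)
    secret=$(ini_get "$file" aws_secret_access_key)
    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo "MISSING_KEYS: $file lacks aws_access_key_id or aws_secret_access_key"
    fi
    # minioadmin/minioadmin is the root account MinIO ships with by default.
    if [ "$key_id" = "minioadmin" ] || [ "$secret" = "minioadmin" ]; then
        echo "DEFAULT_CREDS: $file uses the MinIO default root account; use a dedicated user limited to the backup bucket"
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "LOOSE_PERMS: $file is accessible to group/other; chmod 600 it"
    fi
}

# Print a finding when the object-store endpoint is not HTTPS.
audit_s3_url() {  # audit_s3_url URL
    case $1 in
        https://*) ;;
        http://*) echo "PLAINTEXT_S3: $1 carries backup data over unencrypted HTTP" ;;
        *) echo "BAD_URL: s3Url '$1' is missing or has no http(s) scheme" ;;
    esac
}

# Run both audits against the inputs of one install command.
preflight() {  # preflight CREDENTIALS_FILE BACKUP_LOCATION_CONFIG
    audit_credentials "$1"
    audit_s3_url "$(config_get "$2" s3Url)"
}

# ---- demo on constructed inputs (temporary files, removed at the end) ----
demo_dir=$(mktemp -d)

# Constructed sample 1: the values shown in the article.
cat > "$demo_dir/credentials-velero" <<'EOF'
[default]
aws_access_key_id=minioadmin
aws_secret_access_key=minioadmin
EOF
chmod 644 "$demo_dir/credentials-velero"
echo "== settings from the article =="
preflight "$demo_dir/credentials-velero" \
    'region=minio,s3ForcePathStyle="true",s3Url=http://192.168.123.11:39111'

# Constructed sample 2: dedicated account, owner-only file, TLS endpoint.
# The key values and hostname are placeholders, not real credentials.
cat > "$demo_dir/credentials-hardened" <<'EOF'
[default]
aws_access_key_id=velero-backup
aws_secret_access_key=CONSTRUCTED-placeholder-secret-5f2c9a
EOF
chmod 600 "$demo_dir/credentials-hardened"
echo "== corrected settings =="
result=$(preflight "$demo_dir/credentials-hardened" \
    'region=minio,s3ForcePathStyle="true",s3Url=https://minio.example.internal:9000')
if [ -z "$result" ]; then echo "(no findings)"; else echo "$result"; fi

rm -rf "$demo_dir"
```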
Contents of the deployment manifest (very long):
bash
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: backups.velero.io
spec:
group: velero.io
names:
kind: Backup
listKind: BackupList
plural: backups
singular: backup
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: Backup is a Velero resource that represents the capture of
Kubernetes cluster state at a point in time (API objects and associated
volume state).
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BackupSpec defines the specification for a Velero backup.
properties:
csiSnapshotTimeout:
description: CSISnapshotTimeout specifies the time used to wait
for CSI VolumeSnapshot status turns to ReadyToUse during creation,
before returning error as timeout. The default value is 10 minute.
type: string
defaultVolumesToRestic:
description: DefaultVolumesToRestic specifies whether restic should
be used to take a backup of all pod volumes by default.
type: boolean
excludedNamespaces:
description: ExcludedNamespaces contains a list of namespaces that
are not included in the backup.
items:
type: string
nullable: true
type: array
excludedResources:
description: ExcludedResources is a slice of resource names that
are not included in the backup.
items:
type: string
nullable: true
type: array
hooks:
description: Hooks represent custom behaviors that should be executed
at different phases of the backup.
properties:
resources:
description: Resources are hooks that should be executed when
backing up individual instances of a resource.
items:
description: BackupResourceHookSpec defines one or more BackupResourceHooks
that should be executed based on the rules defined for namespaces,
resources, and label selector.
properties:
excludedNamespaces:
description: ExcludedNamespaces specifies the namespaces
to which this hook spec does not apply.
items:
type: string
nullable: true
type: array
excludedResources:
description: ExcludedResources specifies the resources
to which this hook spec does not apply.
items:
type: string
nullable: true
type: array
includedNamespaces:
description: IncludedNamespaces specifies the namespaces
to which this hook spec applies. If empty, it applies
to all namespaces.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources specifies the resources
to which this hook spec applies. If empty, it applies
to all resources.
items:
type: string
nullable: true
type: array
labelSelector:
description: LabelSelector, if specified, filters the
resources to which this hook spec applies.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
name:
description: Name is the name of this hook.
type: string
post:
description: PostHooks is a list of BackupResourceHooks
to execute after storing the item in the backup. These
are executed after all "additional items" from item
actions are processed.
items:
description: BackupResourceHook defines a hook for a
resource.
properties:
exec:
description: Exec defines an exec hook.
properties:
command:
description: Command is the command and arguments
to execute.
items:
type: string
minItems: 1
type: array
container:
description: Container is the container in the
pod where the command should be executed.
If not specified, the pod's first container
is used.
type: string
onError:
description: OnError specifies how Velero should
behave if it encounters an error executing
this hook.
enum:
- Continue
- Fail
type: string
timeout:
description: Timeout defines the maximum amount
of time Velero should wait for the hook to
complete before considering the execution
a failure.
type: string
required:
- command
type: object
required:
- exec
type: object
type: array
pre:
description: PreHooks is a list of BackupResourceHooks
to execute prior to storing the item in the backup.
These are executed before any "additional items" from
item actions are processed.
items:
description: BackupResourceHook defines a hook for a
resource.
properties:
exec:
description: Exec defines an exec hook.
properties:
command:
description: Command is the command and arguments
to execute.
items:
type: string
minItems: 1
type: array
container:
description: Container is the container in the
pod where the command should be executed.
If not specified, the pod's first container
is used.
type: string
onError:
description: OnError specifies how Velero should
behave if it encounters an error executing
this hook.
enum:
- Continue
- Fail
type: string
timeout:
description: Timeout defines the maximum amount
of time Velero should wait for the hook to
complete before considering the execution
a failure.
type: string
required:
- command
type: object
required:
- exec
type: object
type: array
required:
- name
type: object
nullable: true
type: array
type: object
includeClusterResources:
description: IncludeClusterResources specifies whether cluster-scoped
resources should be included for consideration in the backup.
nullable: true
type: boolean
includedNamespaces:
description: IncludedNamespaces is a slice of namespace names to
include objects from. If empty, all namespaces are included.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources is a slice of resource names to include
in the backup. If empty, all resources are included.
items:
type: string
nullable: true
type: array
labelSelector:
description: LabelSelector is a metav1.LabelSelector to filter with
when adding individual objects to the backup. If empty or nil,
all objects are included. Optional.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
metadata:
properties:
labels:
additionalProperties:
type: string
type: object
type: object
orLabelSelectors:
description: OrLabelSelectors is list of metav1.LabelSelector to
filter with when adding individual objects to the backup. If multiple
provided they will be joined by the OR operator. LabelSelector
as well as OrLabelSelectors cannot co-exist in backup request,
only one of them can be used.
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
nullable: true
type: array
orderedResources:
additionalProperties:
type: string
description: OrderedResources specifies the backup order of resources
of specific Kind. The map key is the Kind name and value is a
list of resource names separated by commas. Each resource name
has format "namespace/resourcename". For cluster resources, simply
use "resourcename".
nullable: true
type: object
snapshotVolumes:
description: SnapshotVolumes specifies whether to take cloud snapshots
of any PV's referenced in the set of objects included in the Backup.
nullable: true
type: boolean
storageLocation:
description: StorageLocation is a string containing the name of
a BackupStorageLocation where the backup should be stored.
type: string
ttl:
description: TTL is a time.Duration-parseable string describing
how long the Backup should be retained for.
type: string
volumeSnapshotLocations:
description: VolumeSnapshotLocations is a list containing names
of VolumeSnapshotLocations associated with this backup.
items:
type: string
type: array
type: object
status:
description: BackupStatus captures the current status of a Velero backup.
properties:
completionTimestamp:
description: CompletionTimestamp records the time a backup was completed.
Completion time is recorded even on failed backups. Completion
time is recorded before uploading the backup object. The server's
time is used for CompletionTimestamps
format: date-time
nullable: true
type: string
csiVolumeSnapshotsAttempted:
description: CSIVolumeSnapshotsAttempted is the total number of
attempted CSI VolumeSnapshots for this backup.
type: integer
csiVolumeSnapshotsCompleted:
description: CSIVolumeSnapshotsCompleted is the total number of
successfully completed CSI VolumeSnapshots for this backup.
type: integer
errors:
description: Errors is a count of all error messages that were generated
during execution of the backup. The actual errors are in the
backup's log file in object storage.
type: integer
expiration:
description: Expiration is when this Backup is eligible for garbage-collection.
format: date-time
nullable: true
type: string
failureReason:
description: FailureReason is an error that caused the entire backup
to fail.
type: string
formatVersion:
description: FormatVersion is the backup format version, including
major, minor, and patch version.
type: string
phase:
description: Phase is the current state of the Backup.
enum:
- New
- FailedValidation
- InProgress
- Completed
- PartiallyFailed
- Failed
- Deleting
type: string
progress:
description: Progress contains information about the backup's execution
progress. Note that this information is best-effort only -- if
Velero fails to update it during a backup for any reason, it may
be inaccurate/stale.
nullable: true
properties:
itemsBackedUp:
description: ItemsBackedUp is the number of items that have
actually been written to the backup tarball so far.
type: integer
totalItems:
description: TotalItems is the total number of items to be backed
up. This number may change throughout the execution of the
backup due to plugins that return additional related items
to back up, the velero.io/exclude-from-backup label, and various
other filters that happen as items are processed.
type: integer
type: object
startTimestamp:
description: StartTimestamp records the time a backup was started.
Separate from CreationTimestamp, since that value changes on restores.
The server's time is used for StartTimestamps
format: date-time
nullable: true
type: string
validationErrors:
description: ValidationErrors is a slice of all validation errors
(if applicable).
items:
type: string
nullable: true
type: array
version:
description: 'Version is the backup format major version. Deprecated:
Please see FormatVersion'
type: integer
volumeSnapshotsAttempted:
description: VolumeSnapshotsAttempted is the total number of attempted
volume snapshots for this backup.
type: integer
volumeSnapshotsCompleted:
description: VolumeSnapshotsCompleted is the total number of successfully
completed volume snapshots for this backup.
type: integer
warnings:
description: Warnings is a count of all warning messages that were
generated during execution of the backup. The actual warnings
are in the backup's log file in object storage.
type: integer
type: object
type: object
served: true
storage: true
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: backupstoragelocations.velero.io
spec:
group: velero.io
names:
kind: BackupStorageLocation
listKind: BackupStorageLocationList
plural: backupstoragelocations
shortNames:
- bsl
singular: backupstoragelocation
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Backup Storage Location status such as Available/Unavailable
jsonPath: .status.phase
name: Phase
type: string
- description: LastValidationTime is the last time the backup store location
was validated
jsonPath: .status.lastValidationTime
name: Last Validated
type: date
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: Default backup storage location
jsonPath: .spec.default
name: Default
type: boolean
name: v1
schema:
openAPIV3Schema:
description: BackupStorageLocation is a location where Velero stores backup
objects
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BackupStorageLocationSpec defines the desired state of
a Velero BackupStorageLocation
properties:
accessMode:
description: AccessMode defines the permissions for the backup storage
location.
enum:
- ReadOnly
- ReadWrite
type: string
backupSyncPeriod:
description: BackupSyncPeriod defines how frequently to sync backup
API objects from object storage. A value of 0 disables sync.
nullable: true
type: string
config:
additionalProperties:
type: string
description: Config is for provider-specific configuration fields.
type: object
credential:
description: Credential contains the credential information intended
to be used with this location
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
default:
description: Default indicates this location is the default backup
storage location.
type: boolean
objectStorage:
description: ObjectStorageLocation specifies the settings necessary
to connect to a provider's object storage.
properties:
bucket:
description: Bucket is the bucket to use for object storage.
type: string
caCert:
description: CACert defines a CA bundle to use when verifying
TLS connections to the provider.
format: byte
type: string
prefix:
description: Prefix is the path inside a bucket to use for Velero
storage. Optional.
type: string
required:
- bucket
type: object
provider:
description: Provider is the provider of the backup storage.
type: string
validationFrequency:
description: ValidationFrequency defines how frequently to validate
the corresponding object storage. A value of 0 disables validation.
nullable: true
type: string
required:
- objectStorage
- provider
type: object
status:
description: BackupStorageLocationStatus defines the observed state
of BackupStorageLocation
properties:
accessMode:
description: "AccessMode is an unused field. \n Deprecated: there
is now an AccessMode field on the Spec and this field will be
removed entirely as of v2.0."
enum:
- ReadOnly
- ReadWrite
type: string
lastSyncedRevision:
description: "LastSyncedRevision is the value of the `metadata/revision`
file in the backup storage location the last time the BSL's contents
were synced into the cluster. \n Deprecated: this field is no
longer updated or used for detecting changes to the location's
contents and will be removed entirely in v2.0."
type: string
lastSyncedTime:
description: LastSyncedTime is the last time the contents of the
location were synced into the cluster.
format: date-time
nullable: true
type: string
lastValidationTime:
description: LastValidationTime is the last time the backup store
location was validated the cluster.
format: date-time
nullable: true
type: string
message:
description: Message is a message about the backup storage location's
status.
type: string
phase:
description: Phase is the current state of the BackupStorageLocation.
enum:
- Available
- Unavailable
type: string
type: object
type: object
served: true
storage: true
subresources: {}
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: deletebackuprequests.velero.io
spec:
group: velero.io
names:
kind: DeleteBackupRequest
listKind: DeleteBackupRequestList
plural: deletebackuprequests
singular: deletebackuprequest
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The name of the backup to be deleted
jsonPath: .spec.backupName
name: BackupName
type: string
- description: The status of the deletion request
jsonPath: .status.phase
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: DeleteBackupRequest is a request to delete one or more backups.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DeleteBackupRequestSpec is the specification for which
backups to delete.
properties:
backupName:
type: string
required:
- backupName
type: object
status:
description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest.
properties:
errors:
description: Errors contains any errors that were encountered during
the deletion process.
items:
type: string
nullable: true
type: array
phase:
description: Phase is the current state of the DeleteBackupRequest.
enum:
- New
- InProgress
- Processed
type: string
type: object
type: object
served: true
storage: true
subresources: {}
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: downloadrequests.velero.io
spec:
group: velero.io
names:
kind: DownloadRequest
listKind: DownloadRequestList
plural: downloadrequests
singular: downloadrequest
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: DownloadRequest is a request to download an artifact from backup
object storage, such as a backup log file.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DownloadRequestSpec is the specification for a download
request.
properties:
target:
description: Target is what to download (e.g. logs for a backup).
properties:
kind:
description: Kind is the type of file to download.
enum:
- BackupLog
- BackupContents
- BackupVolumeSnapshots
- BackupItemSnapshots
- BackupResourceList
- RestoreLog
- RestoreResults
- CSIBackupVolumeSnapshots
- CSIBackupVolumeSnapshotContents
type: string
name:
description: Name is the name of the kubernetes resource with
which the file is associated.
type: string
required:
- kind
- name
type: object
required:
- target
type: object
status:
description: DownloadRequestStatus is the current status of a DownloadRequest.
properties:
downloadURL:
description: DownloadURL contains the pre-signed URL for the target
file.
type: string
expiration:
description: Expiration is when this DownloadRequest expires and
can be deleted by the system.
format: date-time
nullable: true
type: string
phase:
description: Phase is the current state of the DownloadRequest.
enum:
- New
- Processed
type: string
type: object
type: object
served: true
storage: true
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: podvolumebackups.velero.io
spec:
group: velero.io
names:
kind: PodVolumeBackup
listKind: PodVolumeBackupList
plural: podvolumebackups
singular: podvolumebackup
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Pod Volume Backup status such as New/InProgress
jsonPath: .status.phase
name: Status
type: string
- description: Time when this backup was started
jsonPath: .status.startTimestamp
name: Created
type: date
- description: Namespace of the pod containing the volume to be backed up
jsonPath: .spec.pod.namespace
name: Namespace
type: string
- description: Name of the pod containing the volume to be backed up
jsonPath: .spec.pod.name
name: Pod
type: string
- description: Name of the volume to be backed up
jsonPath: .spec.volume
name: Volume
type: string
- description: Restic repository identifier for this backup
jsonPath: .spec.repoIdentifier
name: Restic Repo
type: string
- description: Name of the Backup Storage Location where this backup should
be stored
jsonPath: .spec.backupStorageLocation
name: Storage Location
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PodVolumeBackupSpec is the specification for a PodVolumeBackup.
properties:
backupStorageLocation:
description: BackupStorageLocation is the name of the backup storage
location where the restic repository is stored.
type: string
node:
description: Node is the name of the node that the Pod is running
on.
type: string
pod:
description: Pod is a reference to the pod containing the volume
to be backed up.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
repoIdentifier:
description: RepoIdentifier is the restic repository identifier.
type: string
tags:
additionalProperties:
type: string
description: Tags are a map of key-value pairs that should be applied
to the volume backup as tags.
type: object
volume:
description: Volume is the name of the volume within the Pod to
be backed up.
type: string
required:
- backupStorageLocation
- node
- pod
- repoIdentifier
- volume
type: object
status:
description: PodVolumeBackupStatus is the current status of a PodVolumeBackup.
properties:
completionTimestamp:
description: CompletionTimestamp records the time a backup was completed.
Completion time is recorded even on failed backups. Completion
time is recorded before uploading the backup object. The server's
time is used for CompletionTimestamps
format: date-time
nullable: true
type: string
message:
description: Message is a message about the pod volume backup's
status.
type: string
path:
description: Path is the full path within the controller pod being
backed up.
type: string
phase:
description: Phase is the current state of the PodVolumeBackup.
enum:
- New
- InProgress
- Completed
- Failed
type: string
progress:
description: Progress holds the total number of bytes of the volume
and the current number of backed up bytes. This can be used to
display progress information about the backup operation.
properties:
bytesDone:
format: int64
type: integer
totalBytes:
format: int64
type: integer
type: object
snapshotID:
description: SnapshotID is the identifier for the snapshot of the
pod volume.
type: string
startTimestamp:
description: StartTimestamp records the time a backup was started.
Separate from CreationTimestamp, since that value changes on restores.
The server's time is used for StartTimestamps
format: date-time
nullable: true
type: string
type: object
type: object
served: true
storage: true
subresources: {}
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: podvolumerestores.velero.io
spec:
group: velero.io
names:
kind: PodVolumeRestore
listKind: PodVolumeRestoreList
plural: podvolumerestores
singular: podvolumerestore
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Namespace of the pod containing the volume to be restored
jsonPath: .spec.pod.namespace
name: Namespace
type: string
- description: Name of the pod containing the volume to be restored
jsonPath: .spec.pod.name
name: Pod
type: string
- description: Name of the volume to be restored
jsonPath: .spec.volume
name: Volume
type: string
- description: Pod Volume Restore status such as New/InProgress
jsonPath: .status.phase
name: Status
type: string
- description: Pod Volume Restore status such as New/InProgress
format: int64
jsonPath: .status.progress.totalBytes
name: TotalBytes
type: integer
- description: Pod Volume Restore status such as New/InProgress
format: int64
jsonPath: .status.progress.bytesDone
name: BytesDone
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore.
properties:
backupStorageLocation:
description: BackupStorageLocation is the name of the backup storage
location where the restic repository is stored.
type: string
pod:
description: Pod is a reference to the pod containing the volume
to be restored.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
repoIdentifier:
description: RepoIdentifier is the restic repository identifier.
type: string
snapshotID:
description: SnapshotID is the ID of the volume snapshot to be restored.
type: string
volume:
description: Volume is the name of the volume within the Pod to
be restored.
type: string
required:
- backupStorageLocation
- pod
- repoIdentifier
- snapshotID
- volume
type: object
status:
description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore.
properties:
completionTimestamp:
description: CompletionTimestamp records the time a restore was
completed. Completion time is recorded even on failed restores.
The server's time is used for CompletionTimestamps
format: date-time
nullable: true
type: string
message:
description: Message is a message about the pod volume restore's
status.
type: string
phase:
description: Phase is the current state of the PodVolumeRestore.
enum:
- New
- InProgress
- Completed
- Failed
type: string
progress:
description: Progress holds the total number of bytes of the snapshot
and the current number of restored bytes. This can be used to
display progress information about the restore operation.
properties:
bytesDone:
format: int64
type: integer
totalBytes:
format: int64
type: integer
type: object
startTimestamp:
description: StartTimestamp records the time a restore was started.
The server's time is used for StartTimestamps
format: date-time
nullable: true
type: string
type: object
type: object
served: true
storage: true
subresources: {}
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: resticrepositories.velero.io
spec:
group: velero.io
names:
kind: ResticRepository
listKind: ResticRepositoryList
plural: resticrepositories
singular: resticrepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ResticRepositorySpec is the specification for a ResticRepository.
properties:
backupStorageLocation:
description: BackupStorageLocation is the name of the BackupStorageLocation
that should contain this repository.
type: string
maintenanceFrequency:
description: MaintenanceFrequency is how often maintenance should
be run.
type: string
resticIdentifier:
description: ResticIdentifier is the full restic-compatible string
for identifying this repository.
type: string
volumeNamespace:
description: VolumeNamespace is the namespace this restic repository
contains pod volume backups for.
type: string
required:
- backupStorageLocation
- maintenanceFrequency
- resticIdentifier
- volumeNamespace
type: object
status:
description: ResticRepositoryStatus is the current status of a ResticRepository.
properties:
lastMaintenanceTime:
description: LastMaintenanceTime is the last time maintenance was
run.
format: date-time
nullable: true
type: string
message:
description: Message is a message about the current status of the
ResticRepository.
type: string
phase:
description: Phase is the current state of the ResticRepository.
enum:
- New
- Ready
- NotReady
type: string
type: object
type: object
served: true
storage: true
subresources: {}
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: restores.velero.io
spec:
group: velero.io
names:
kind: Restore
listKind: RestoreList
plural: restores
singular: restore
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: Restore is a Velero resource that represents the application
of resources from a Velero backup to a target Kubernetes cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: RestoreSpec defines the specification for a Velero restore.
properties:
backupName:
description: BackupName is the unique name of the Velero backup
to restore from.
type: string
excludedNamespaces:
description: ExcludedNamespaces contains a list of namespaces that
are not included in the restore.
items:
type: string
nullable: true
type: array
excludedResources:
description: ExcludedResources is a slice of resource names that
are not included in the restore.
items:
type: string
nullable: true
type: array
existingResourcePolicy:
description: ExistingResourcePolicy specifies the restore behaviour
for the kubernetes resource to be restored
nullable: true
type: string
hooks:
description: Hooks represent custom behaviors that should be executed
during or post restore.
properties:
resources:
items:
description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks
that should be executed based on the rules defined for namespaces,
resources, and label selector.
properties:
excludedNamespaces:
description: ExcludedNamespaces specifies the namespaces
to which this hook spec does not apply.
items:
type: string
nullable: true
type: array
excludedResources:
description: ExcludedResources specifies the resources
to which this hook spec does not apply.
items:
type: string
nullable: true
type: array
includedNamespaces:
description: IncludedNamespaces specifies the namespaces
to which this hook spec applies. If empty, it applies
to all namespaces.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources specifies the resources
to which this hook spec applies. If empty, it applies
to all resources.
items:
type: string
nullable: true
type: array
labelSelector:
description: LabelSelector, if specified, filters the
resources to which this hook spec applies.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
name:
description: Name is the name of this hook.
type: string
postHooks:
description: PostHooks is a list of RestoreResourceHooks
to execute during and after restoring a resource.
items:
description: RestoreResourceHook defines a restore hook
for a resource.
properties:
exec:
description: Exec defines an exec restore hook.
properties:
command:
description: Command is the command and arguments
to execute from within a container after a
pod has been restored.
items:
type: string
minItems: 1
type: array
container:
description: Container is the container in the
pod where the command should be executed.
If not specified, the pod's first container
is used.
type: string
execTimeout:
description: ExecTimeout defines the maximum
amount of time Velero should wait for the
hook to complete before considering the execution
a failure.
type: string
onError:
description: OnError specifies how Velero should
behave if it encounters an error executing
this hook.
enum:
- Continue
- Fail
type: string
waitTimeout:
description: WaitTimeout defines the maximum
amount of time Velero should wait for the
container to be Ready before attempting to
run the command.
type: string
required:
- command
type: object
init:
description: Init defines an init restore hook.
properties:
initContainers:
description: InitContainers is list of init
containers to be added to a pod during its
restore.
items:
description: A single application container
that you want to run within a pod.
properties:
args:
description: 'Arguments to the entrypoint.
The container image''s CMD is used if
this is not provided. Variable references
$(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be
resolved, the reference in the input
string will be unchanged. Double $$
are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will produce the
string literal "$(VAR_NAME)". Escaped
references will never be expanded, regardless
of whether the variable exists or not.
Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed
within a shell. The container image''s
ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are
expanded using the container''s environment.
If a variable cannot be resolved, the
reference in the input string will be
unchanged. Double $$ are reduced to
a single $, which allows for escaping
the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded,
regardless of whether the variable exists
or not. Cannot be updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables
to set in the container. Cannot be updated.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment
variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references
$(VAR_NAME) are expanded using
the previously defined environment
variables in the container and
any service environment variables.
If a variable cannot be resolved,
the reference in the input string
will be unchanged. Double $$ are
reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will produce
the string literal "$(VAR_NAME)".
Escaped references will never
be expanded, regardless of whether
the variable exists or not. Defaults
to "".'
type: string
valueFrom:
description: Source for the environment
variable's value. Cannot be used
if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of
a ConfigMap.
properties:
key:
description: The key to
select.
type: string
name:
description: 'Name of the
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful
fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether
the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field
of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of
the schema the FieldPath
is written in terms of,
defaults to "v1".
type: string
fieldPath:
description: Path of the
field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource
of the container: only resources
limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory
and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container
name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the
output format of the exposed
resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required:
resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of
a secret in the pod's namespace
properties:
key:
description: The key of
the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful
fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether
the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate
environment variables in the container.
The keys defined within a source must
be a C_IDENTIFIER. All invalid keys
will be reported as an event when the
container is starting. When a key exists
in multiple sources, the value associated
with the last source will take precedence.
Values defined by an Env with a duplicate
key will take precedence. Cannot be
updated.
items:
description: EnvFromSource represents
the source of a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select
from
properties:
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields.
apiVersion, kind, uid?'
type: string
optional:
description: Specify whether
the ConfigMap must be defined
type: boolean
type: object
prefix:
description: An optional identifier
to prepend to each key in the
ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select
from
properties:
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields.
apiVersion, kind, uid?'
type: string
optional:
description: Specify whether
the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Container image name. More
info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher
level config management to default or
override container images in workload
controllers like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of
Always, Never, IfNotPresent. Defaults
to Always if :latest tag is specified,
or IfNotPresent otherwise. Cannot be
updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management
system should take in response to container
lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called
immediately after a container is
created. If the handler fails, the
container is terminated and restarted
according to its restart policy.
Other management of the container
blocks until the hook completes.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the
action to take.
properties:
command:
description: Command is the
command line to execute
inside the container, the
working directory for the
command is root ('/') in
the container's filesystem.
The command is simply exec'd,
it is not run inside a shell,
so traditional shell instructions
('|', etc) won't work. To
use a shell, you need to
explicitly call out to that
shell. Exit status of 0
is treated as live/healthy
and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies
the http request to perform.
properties:
host:
description: Host name to
connect to, defaults to
the pod IP. You probably
want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers
to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader
describes a custom header
to be used in HTTP probes
properties:
name:
description: The header
field name
type: string
value:
description: The header
field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access
on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number
of the port to access on
the container. Number must
be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use
for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket
is NOT supported as a LifecycleHandler
and kept for the backward compatibility.
There are no validation of this
field and lifecycle hooks will
fail in runtime when tcp handler
is specified.
properties:
host:
description: 'Optional: Host
name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name
of the port to access on
the container. Number must
be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately
before a container is terminated
due to an API request or management
event such as liveness/startup probe
failure, preemption, resource contention,
etc. The handler is not called if
the container crashes or exits.
The Pod''s termination grace period
countdown begins before the PreStop
hook is executed. Regardless of
the outcome of the handler, the
container will eventually terminate
within the Pod''s termination grace
period (unless delayed by finalizers).
Other management of the container
blocks until the hook completes
or until the termination grace period
is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: Exec specifies the
action to take.
properties:
command:
description: Command is the
command line to execute
inside the container, the
working directory for the
command is root ('/') in
the container's filesystem.
The command is simply exec'd,
it is not run inside a shell,
so traditional shell instructions
('|', etc) won't work. To
use a shell, you need to
explicitly call out to that
shell. Exit status of 0
is treated as live/healthy
and non-zero is unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies
the http request to perform.
properties:
host:
description: Host name to
connect to, defaults to
the pod IP. You probably
want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers
to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader
describes a custom header
to be used in HTTP probes
properties:
name:
description: The header
field name
type: string
value:
description: The header
field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access
on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number
of the port to access on
the container. Number must
be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use
for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: Deprecated. TCPSocket
is NOT supported as a LifecycleHandler
and kept for the backward compatibility.
There are no validation of this
field and lifecycle hooks will
fail in runtime when tcp handler
is specified.
properties:
host:
description: 'Optional: Host
name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name
of the port to access on
the container. Number must
be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container
liveness. Container will be restarted
if the probe fails. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
description: Command is the command
line to execute inside the container,
the working directory for the
command is root ('/') in the
container's filesystem. The
command is simply exec'd, it
is not run inside a shell, so
traditional shell instructions
('|', etc) won't work. To use
a shell, you need to explicitly
call out to that shell. Exit
status of 0 is treated as live/healthy
and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures
for the probe to be considered failed
after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action
involving a GRPC port. This is a
beta field and requires enabling
GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the
gRPC service. Number must be
in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name
of the service to place in the
gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified,
the default behavior is defined
by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the
http request to perform.
properties:
host:
description: Host name to connect
to, defaults to the pod IP.
You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to
set in the request. HTTP allows
repeated headers.
items:
description: HTTPHeader describes
a custom header to be used
in HTTP probes
properties:
name:
description: The header
field name
type: string
value:
description: The header
field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on
the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of
the port to access on the container.
Number must be in the range
1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for
connecting to the host. Defaults
to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after
the container has started before
liveness probes are initiated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds)
to perform the probe. Default to
10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes
for the probe to be considered successful
after having failed. Defaults to
1. Must be 1 for liveness and startup.
Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an
action involving a TCP port.
properties:
host:
description: 'Optional: Host name
to connect to, defaults to the
pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of
the port to access on the container.
Number must be in the range
1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in
seconds the pod needs to terminate
gracefully upon probe failure. The
grace period is the duration in
seconds after the processes running
in the pod are sent a termination
signal and the time when the processes
are forcibly halted with a kill
signal. Set this value longer than
the expected cleanup time for your
process. If this value is nil, the
pod's terminationGracePeriodSeconds
will be used. Otherwise, this value
overrides the value provided by
the pod spec. Value must be non-negative
integer. The value zero indicates
stop immediately via the kill signal
(no opportunity to shut down). This
is a beta field and requires enabling
ProbeTerminationGracePeriod feature
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified
as a DNS_LABEL. Each container in a
pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from
the container. Exposing a port here
gives the system additional information
about the network connections a container
uses, but is primarily informational.
Not specifying a port here DOES NOT
prevent that port from being exposed.
Any port which is listening on the default
"0.0.0.0" address inside a container
will be accessible from the network.
Cannot be updated.
items:
description: ContainerPort represents
a network port in a single container.
properties:
containerPort:
description: Number of port to expose
on the pod's IP address. This
must be a valid port number, 0
< x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind
the external port to.
type: string
hostPort:
description: Number of port to expose
on the host. If specified, this
must be a valid port number, 0
< x < 65536. If HostNetwork is
specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this
must be an IANA_SVC_NAME and unique
within the pod. Each named port
in a pod must have a unique name.
Name for the port that can be
referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port.
Must be UDP, TCP, or SCTP. Defaults
to "TCP".
type: string
required:
- containerPort
- protocol
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container
service readiness. Container will be
removed from service endpoints if the
probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
description: Command is the command
line to execute inside the container,
the working directory for the
command is root ('/') in the
container's filesystem. The
command is simply exec'd, it
is not run inside a shell, so
traditional shell instructions
('|', etc) won't work. To use
a shell, you need to explicitly
call out to that shell. Exit
status of 0 is treated as live/healthy
and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures
for the probe to be considered failed
after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action
involving a GRPC port. This is a
beta field and requires enabling
GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the
gRPC service. Number must be
in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name
of the service to place in the
gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified,
the default behavior is defined
by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the
http request to perform.
properties:
host:
description: Host name to connect
to, defaults to the pod IP.
You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to
set in the request. HTTP allows
repeated headers.
items:
description: HTTPHeader describes
a custom header to be used
in HTTP probes
properties:
name:
description: The header
field name
type: string
value:
description: The header
field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on
the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of
the port to access on the container.
Number must be in the range
1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for
connecting to the host. Defaults
to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after
the container has started before
liveness probes are initiated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds)
to perform the probe. Default to
10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes
for the probe to be considered successful
after having failed. Defaults to
1. Must be 1 for liveness and startup.
Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an
action involving a TCP port.
properties:
host:
description: 'Optional: Host name
to connect to, defaults to the
pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of
the port to access on the container.
Number must be in the range
1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in
seconds the pod needs to terminate
gracefully upon probe failure. The
grace period is the duration in
seconds after the processes running
in the pod are sent a termination
signal and the time when the processes
are forcibly halted with a kill
signal. Set this value longer than
the expected cleanup time for your
process. If this value is nil, the
pod's terminationGracePeriodSeconds
will be used. Otherwise, this value
overrides the value provided by
the pod spec. Value must be non-negative
integer. The value zero indicates
stop immediately via the kill signal
(no opportunity to shut down). This
is a beta field and requires enabling
ProbeTerminationGracePeriod feature
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required
by this container. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the
maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the
minimum amount of compute resources
required. If Requests is omitted
for a container, it defaults to
Limits if that is explicitly specified,
otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
description: 'SecurityContext defines
the security options the container should
be run with. If set, the fields of SecurityContext
override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation
controls whether a process can gain
more privileges than its parent
process. This bool directly controls
if the no_new_privs flag will be
set on the container process. AllowPrivilegeEscalation
is true always when the container
is: 1) run as Privileged 2) has
CAP_SYS_ADMIN Note that this field
cannot be set when spec.os.name
is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop
when running containers. Defaults
to the default set of capabilities
granted by the container runtime.
Note that this field cannot be set
when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent
POSIX capabilities type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent
POSIX capabilities type
type: string
type: array
type: object
privileged:
description: Run container in privileged
mode. Processes in privileged containers
are essentially equivalent to root
on the host. Defaults to false.
Note that this field cannot be set
when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the
type of proc mount to use for the
containers. The default is DefaultProcMount
which uses the container runtime
defaults for readonly paths and
masked paths. This requires the
ProcMountType feature flag to be
enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container
has a read-only root filesystem.
Default is false. Note that this
field cannot be set when spec.os.name
is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint
of the container process. Uses runtime
default if unset. May also be set
in PodSecurityContext. If set in
both SecurityContext and PodSecurityContext,
the value specified in SecurityContext
takes precedence. Note that this
field cannot be set when spec.os.name
is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container
must run as a non-root user. If
true, the Kubelet will validate
the image at runtime to ensure that
it does not run as UID 0 (root)
and fail to start the container
if it does. If unset or false, no
such validation will be performed.
May also be set in PodSecurityContext. If
set in both SecurityContext and
PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint
of the container process. Defaults
to user specified in image metadata
if unspecified. May also be set
in PodSecurityContext. If set in
both SecurityContext and PodSecurityContext,
the value specified in SecurityContext
takes precedence. Note that this
field cannot be set when spec.os.name
is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to
be applied to the container. If
unspecified, the container runtime
will allocate a random SELinux context
for each container. May also be
set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext
takes precedence. Note that this
field cannot be set when spec.os.name
is windows.
properties:
level:
description: Level is SELinux
level label that applies to
the container.
type: string
role:
description: Role is a SELinux
role label that applies to the
container.
type: string
type:
description: Type is a SELinux
type label that applies to the
container.
type: string
user:
description: User is a SELinux
user label that applies to the
container.
type: string
type: object
seccompProfile:
description: The seccomp options to
use by this container. If seccomp
options are provided at both the
pod & container level, the container
options override the pod options.
Note that this field cannot be set
when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile
indicates a profile defined
in a file on the node should
be used. The profile must be
preconfigured on the node to
work. Must be a descending path,
relative to the kubelet's configured
seccomp profile location. Must
only be set if type is "Localhost".
type: string
type:
description: "type indicates which
kind of seccomp profile will
be applied. Valid options are:
\n Localhost - a profile defined
in a file on the node should
be used. RuntimeDefault - the
container runtime default profile
should be used. Unconfined -
no profile should be applied."
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific
settings applied to all containers.
If unspecified, the options from
the PodSecurityContext will be used.
If set in both SecurityContext and
PodSecurityContext, the value specified
in SecurityContext takes precedence.
Note that this field cannot be set
when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec
is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the
GMSA credential spec named by
the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName
is the name of the GMSA credential
spec to use.
type: string
hostProcess:
description: HostProcess determines
if a container should be run
as a 'Host Process' container.
This field is alpha-level and
will only be honored by components
that enable the WindowsHostProcessContainers
feature flag. Setting this field
without the feature flag will
result in errors when validating
the Pod. All of a Pod's containers
must have the same effective
HostProcess value (it is not
allowed to have a mix of HostProcess
containers and non-HostProcess
containers). In addition, if
HostProcess is true then HostNetwork
must also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows
to run the entrypoint of the
container process. Defaults
to the user specified in image
metadata if unspecified. May
also be set in PodSecurityContext.
If set in both SecurityContext
and PodSecurityContext, the
value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that
the Pod has successfully initialized.
If specified, no other probes are executed
until this completes successfully. If
this probe fails, the Pod will be restarted,
just as if the livenessProbe failed.
This can be used to provide different
probe parameters at the beginning of
a Pod''s lifecycle, when it might take
a long time to load data or warm a cache,
than during steady-state operation.
This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: Exec specifies the action
to take.
properties:
command:
description: Command is the command
line to execute inside the container,
the working directory for the
command is root ('/') in the
container's filesystem. The
command is simply exec'd, it
is not run inside a shell, so
traditional shell instructions
('|', etc) won't work. To use
a shell, you need to explicitly
call out to that shell. Exit
status of 0 is treated as live/healthy
and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures
for the probe to be considered failed
after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
grpc:
description: GRPC specifies an action
involving a GRPC port. This is a
beta field and requires enabling
GRPCContainerProbe feature gate.
properties:
port:
description: Port number of the
gRPC service. Number must be
in the range 1 to 65535.
format: int32
type: integer
service:
description: "Service is the name
of the service to place in the
gRPC HealthCheckRequest (see
https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
\n If this is not specified,
the default behavior is defined
by gRPC."
type: string
required:
- port
type: object
httpGet:
description: HTTPGet specifies the
http request to perform.
properties:
host:
description: Host name to connect
to, defaults to the pod IP.
You probably want to set "Host"
in httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to
set in the request. HTTP allows
repeated headers.
items:
description: HTTPHeader describes
a custom header to be used
in HTTP probes
properties:
name:
description: The header
field name
type: string
value:
description: The header
field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on
the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of
the port to access on the container.
Number must be in the range
1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for
connecting to the host. Defaults
to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after
the container has started before
liveness probes are initiated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds)
to perform the probe. Default to
10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes
for the probe to be considered successful
after having failed. Defaults to
1. Must be 1 for liveness and startup.
Minimum value is 1.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an
action involving a TCP port.
properties:
host:
description: 'Optional: Host name
to connect to, defaults to the
pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of
the port to access on the container.
Number must be in the range
1 to 65535. Name must be an
IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
terminationGracePeriodSeconds:
description: Optional duration in
seconds the pod needs to terminate
gracefully upon probe failure. The
grace period is the duration in
seconds after the processes running
in the pod are sent a termination
signal and the time when the processes
are forcibly halted with a kill
signal. Set this value longer than
the expected cleanup time for your
process. If this value is nil, the
pod's terminationGracePeriodSeconds
will be used. Otherwise, this value
overrides the value provided by
the pod spec. Value must be non-negative
integer. The value zero indicates
stop immediately via the kill signal
(no opportunity to shut down). This
is a beta field and requires enabling
ProbeTerminationGracePeriod feature
gate. Minimum value is 1. spec.terminationGracePeriodSeconds
is used if unset.
format: int64
type: integer
timeoutSeconds:
description: 'Number of seconds after
which the probe times out. Defaults
to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should
allocate a buffer for stdin in the container
runtime. If this is not set, reads from
stdin in the container will always result
in EOF. Default is false.
type: boolean
stdinOnce:
description: Whether the container runtime
should close the stdin channel after
it has been opened by a single attach.
When stdin is true the stdin stream
will remain open across multiple attach
sessions. If stdinOnce is set to true,
stdin is opened on container start,
is empty until the first client attaches
to stdin, and then remains open and
accepts data until the client disconnects,
at which time stdin is closed and remains
closed until the container is restarted.
If this flag is false, a container processes
that reads from stdin will never receive
an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which
the file to which the container''s termination
message will be written is mounted into
the container''s filesystem. Message
written is intended to be brief final
status, such as an assertion failure
message. Will be truncated by the node
if greater than 4096 bytes. The total
message length across all containers
will be limited to 12kb. Defaults to
/dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination
message should be populated. File will
use the contents of terminationMessagePath
to populate the container status message
on both success and failure. FallbackToLogsOnError
will use the last chunk of container
log output if the termination message
file is empty and the container exited
with an error. The log output is limited
to 2048 bytes or 80 lines, whichever
is smaller. Defaults to File. Cannot
be updated.
type: string
tty:
description: Whether this container should
allocate a TTY for itself, also requires
'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list
of block devices to be used by the container.
items:
description: volumeDevice describes
a mapping of a raw block device within
a container.
properties:
devicePath:
description: devicePath is the path
inside of the container that the
device will be mapped to.
type: string
name:
description: name must match the
name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into
the container's filesystem. Cannot be
updated.
items:
description: VolumeMount describes a
mounting of a Volume within a container.
properties:
mountPath:
description: Path within the container
at which the volume should be
mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines
how mounts are propagated from
the host to container and the
other way around. When not set,
MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the
Name of a Volume.
type: string
readOnly:
description: Mounted read-only if
true, read-write otherwise (false
or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume
from which the container's volume
should be mounted. Defaults to
"" (volume's root).
type: string
subPathExpr:
description: Expanded path within
the volume from which the container's
volume should be mounted. Behaves
similarly to SubPath but environment
variable references $(VAR_NAME)
are expanded using the container's
environment. Defaults to "" (volume's
root). SubPathExpr and SubPath
are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory.
If not specified, the container runtime's
default will be used, which might be
configured in the container image. Cannot
be updated.
type: string
required:
- name
type: object
type: array
timeout:
description: Timeout defines the maximum amount
of time Velero should wait for the initContainers
to complete.
type: string
type: object
type: object
type: array
required:
- name
type: object
type: array
type: object
includeClusterResources:
description: IncludeClusterResources specifies whether cluster-scoped
resources should be included for consideration in the restore.
If null, defaults to true.
nullable: true
type: boolean
includedNamespaces:
description: IncludedNamespaces is a slice of namespace names to
include objects from. If empty, all namespaces are included.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources is a slice of resource names to include
in the restore. If empty, all resources in the backup are included.
items:
type: string
nullable: true
type: array
labelSelector:
description: LabelSelector is a metav1.LabelSelector to filter with
when restoring individual objects from the backup. If empty or
nil, all objects are included. Optional.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
namespaceMapping:
additionalProperties:
type: string
description: NamespaceMapping is a map of source namespace names
to target namespace names to restore into. Any source namespaces
not included in the map will be restored into namespaces of the
same name.
type: object
orLabelSelectors:
description: OrLabelSelectors is list of metav1.LabelSelector to
filter with when restoring individual objects from the backup.
If multiple provided they will be joined by the OR operator. LabelSelector
as well as OrLabelSelectors cannot co-exist in restore request,
only one of them can be used
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
nullable: true
type: array
preserveNodePorts:
description: PreserveNodePorts specifies whether to restore old
nodePorts from backup.
nullable: true
type: boolean
restorePVs:
description: RestorePVs specifies whether to restore all included
PVs from snapshot (via the cloudprovider).
nullable: true
type: boolean
restoreStatus:
description: RestoreStatus specifies which resources we should restore
the status field. If nil, no objects are included. Optional.
nullable: true
properties:
excludedResources:
description: ExcludedResources specifies the resources to which
will not restore the status.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources specifies the resources to which
will restore the status. If empty, it applies to all resources.
items:
type: string
nullable: true
type: array
type: object
scheduleName:
description: ScheduleName is the unique name of the Velero schedule
to restore from. If specified, and BackupName is empty, Velero
will restore from the most recent successful backup created from
this schedule.
type: string
required:
- backupName
type: object
status:
description: RestoreStatus captures the current status of a Velero restore
properties:
completionTimestamp:
description: CompletionTimestamp records the time the restore operation
was completed. Completion time is recorded even on failed restore.
The server's time is used for StartTimestamps
format: date-time
nullable: true
type: string
errors:
description: Errors is a count of all error messages that were generated
during execution of the restore. The actual errors are stored
in object storage.
type: integer
failureReason:
description: FailureReason is an error that caused the entire restore
to fail.
type: string
phase:
description: Phase is the current state of the Restore
enum:
- New
- FailedValidation
- InProgress
- Completed
- PartiallyFailed
- Failed
type: string
progress:
description: Progress contains information about the restore's execution
progress. Note that this information is best-effort only -- if
Velero fails to update it during a restore for any reason, it
may be inaccurate/stale.
nullable: true
properties:
itemsRestored:
description: ItemsRestored is the number of items that have
actually been restored so far
type: integer
totalItems:
description: TotalItems is the total number of items to be restored.
This number may change throughout the execution of the restore
due to plugins that return additional related items to restore
type: integer
type: object
startTimestamp:
description: StartTimestamp records the time the restore operation
was started. The server's time is used for StartTimestamps
format: date-time
nullable: true
type: string
validationErrors:
description: ValidationErrors is a slice of all validation errors
(if applicable)
items:
type: string
nullable: true
type: array
warnings:
description: Warnings is a count of all warning messages that were
generated during execution of the restore. The actual warnings
are stored in object storage.
type: integer
type: object
type: object
served: true
storage: true
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: schedules.velero.io
spec:
group: velero.io
names:
kind: Schedule
listKind: ScheduleList
plural: schedules
singular: schedule
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Status of the schedule
jsonPath: .status.phase
name: Status
type: string
- description: A Cron expression defining when to run the Backup
jsonPath: .spec.schedule
name: Schedule
type: string
- description: The last time a Backup was run for this schedule
jsonPath: .status.lastBackup
name: LastBackup
type: date
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: Schedule is a Velero resource that represents a pre-scheduled
or periodic Backup that should be run.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ScheduleSpec defines the specification for a Velero schedule
properties:
schedule:
description: Schedule is a Cron expression defining when to run
the Backup.
type: string
template:
description: Template is the definition of the Backup to be run
on the provided schedule
properties:
csiSnapshotTimeout:
description: CSISnapshotTimeout specifies the time used to wait
for CSI VolumeSnapshot status turns to ReadyToUse during creation,
before returning error as timeout. The default value is 10
minute.
type: string
defaultVolumesToRestic:
description: DefaultVolumesToRestic specifies whether restic
should be used to take a backup of all pod volumes by default.
type: boolean
excludedNamespaces:
description: ExcludedNamespaces contains a list of namespaces
that are not included in the backup.
items:
type: string
nullable: true
type: array
excludedResources:
description: ExcludedResources is a slice of resource names
that are not included in the backup.
items:
type: string
nullable: true
type: array
hooks:
description: Hooks represent custom behaviors that should be
executed at different phases of the backup.
properties:
resources:
description: Resources are hooks that should be executed
when backing up individual instances of a resource.
items:
description: BackupResourceHookSpec defines one or more
BackupResourceHooks that should be executed based on
the rules defined for namespaces, resources, and label
selector.
properties:
excludedNamespaces:
description: ExcludedNamespaces specifies the namespaces
to which this hook spec does not apply.
items:
type: string
nullable: true
type: array
excludedResources:
description: ExcludedResources specifies the resources
to which this hook spec does not apply.
items:
type: string
nullable: true
type: array
includedNamespaces:
description: IncludedNamespaces specifies the namespaces
to which this hook spec applies. If empty, it applies
to all namespaces.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources specifies the resources
to which this hook spec applies. If empty, it applies
to all resources.
items:
type: string
nullable: true
type: array
labelSelector:
description: LabelSelector, if specified, filters
the resources to which this hook spec applies.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement is
a selector that contains values, a key, and
an operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If
the operator is Exists or DoesNotExist,
the values array must be empty. This array
is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
name:
description: Name is the name of this hook.
type: string
post:
description: PostHooks is a list of BackupResourceHooks
to execute after storing the item in the backup.
These are executed after all "additional items"
from item actions are processed.
items:
description: BackupResourceHook defines a hook for
a resource.
properties:
exec:
description: Exec defines an exec hook.
properties:
command:
description: Command is the command and
arguments to execute.
items:
type: string
minItems: 1
type: array
container:
description: Container is the container
in the pod where the command should be
executed. If not specified, the pod's
first container is used.
type: string
onError:
description: OnError specifies how Velero
should behave if it encounters an error
executing this hook.
enum:
- Continue
- Fail
type: string
timeout:
description: Timeout defines the maximum
amount of time Velero should wait for
the hook to complete before considering
the execution a failure.
type: string
required:
- command
type: object
required:
- exec
type: object
type: array
pre:
description: PreHooks is a list of BackupResourceHooks
to execute prior to storing the item in the backup.
These are executed before any "additional items"
from item actions are processed.
items:
description: BackupResourceHook defines a hook for
a resource.
properties:
exec:
description: Exec defines an exec hook.
properties:
command:
description: Command is the command and
arguments to execute.
items:
type: string
minItems: 1
type: array
container:
description: Container is the container
in the pod where the command should be
executed. If not specified, the pod's
first container is used.
type: string
onError:
description: OnError specifies how Velero
should behave if it encounters an error
executing this hook.
enum:
- Continue
- Fail
type: string
timeout:
description: Timeout defines the maximum
amount of time Velero should wait for
the hook to complete before considering
the execution a failure.
type: string
required:
- command
type: object
required:
- exec
type: object
type: array
required:
- name
type: object
nullable: true
type: array
type: object
includeClusterResources:
description: IncludeClusterResources specifies whether cluster-scoped
resources should be included for consideration in the backup.
nullable: true
type: boolean
includedNamespaces:
description: IncludedNamespaces is a slice of namespace names
to include objects from. If empty, all namespaces are included.
items:
type: string
nullable: true
type: array
includedResources:
description: IncludedResources is a slice of resource names
to include in the backup. If empty, all resources are included.
items:
type: string
nullable: true
type: array
labelSelector:
description: LabelSelector is a metav1.LabelSelector to filter
with when adding individual objects to the backup. If empty
or nil, all objects are included. Optional.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
metadata:
properties:
labels:
additionalProperties:
type: string
type: object
type: object
orLabelSelectors:
description: OrLabelSelectors is list of metav1.LabelSelector
to filter with when adding individual objects to the backup.
If multiple provided they will be joined by the OR operator.
LabelSelector as well as OrLabelSelectors cannot co-exist
in backup request, only one of them can be used.
items:
description: A label selector is a label query over a set
of resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects.
A null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
nullable: true
type: array
orderedResources:
additionalProperties:
type: string
description: OrderedResources specifies the backup order of
resources of specific Kind. The map key is the Kind name and
value is a list of resource names separated by commas. Each
resource name has format "namespace/resourcename". For cluster
resources, simply use "resourcename".
nullable: true
type: object
snapshotVolumes:
description: SnapshotVolumes specifies whether to take cloud
snapshots of any PV's referenced in the set of objects included
in the Backup.
nullable: true
type: boolean
storageLocation:
description: StorageLocation is a string containing the name
of a BackupStorageLocation where the backup should be stored.
type: string
ttl:
description: TTL is a time.Duration-parseable string describing
how long the Backup should be retained for.
type: string
volumeSnapshotLocations:
description: VolumeSnapshotLocations is a list containing names
of VolumeSnapshotLocations associated with this backup.
items:
type: string
type: array
type: object
useOwnerReferencesInBackup:
description: UseOwnerReferencesBackup specifies whether to use OwnerReferences
on backups created by this Schedule.
nullable: true
type: boolean
required:
- schedule
- template
type: object
status:
description: ScheduleStatus captures the current state of a Velero schedule
properties:
lastBackup:
description: LastBackup is the last time a Backup was run for this
Schedule schedule
format: date-time
nullable: true
type: string
phase:
description: Phase is the current phase of the Schedule
enum:
- New
- Enabled
- FailedValidation
type: string
validationErrors:
description: ValidationErrors is a slice of all validation errors
(if applicable)
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources: {}
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: serverstatusrequests.velero.io
spec:
group: velero.io
names:
kind: ServerStatusRequest
listKind: ServerStatusRequestList
plural: serverstatusrequests
shortNames:
- ssr
singular: serverstatusrequest
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ServerStatusRequest is a request to access current status information
about the Velero server.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ServerStatusRequestSpec is the specification for a ServerStatusRequest.
type: object
status:
description: ServerStatusRequestStatus is the current status of a ServerStatusRequest.
properties:
phase:
description: Phase is the current lifecycle phase of the ServerStatusRequest.
enum:
- New
- Processed
type: string
plugins:
description: Plugins list information about the plugins running
on the Velero server
items:
description: PluginInfo contains attributes of a Velero plugin
properties:
kind:
type: string
name:
type: string
required:
- kind
- name
type: object
nullable: true
type: array
processedTimestamp:
description: ProcessedTimestamp is when the ServerStatusRequest
was processed by the ServerStatusRequestController.
format: date-time
nullable: true
type: string
serverVersion:
description: ServerVersion is the Velero server version.
type: string
type: object
type: object
served: true
storage: true
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
component: velero
name: volumesnapshotlocations.velero.io
spec:
group: velero.io
names:
kind: VolumeSnapshotLocation
listKind: VolumeSnapshotLocationList
plural: volumesnapshotlocations
singular: volumesnapshotlocation
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: VolumeSnapshotLocation is a location where Velero stores volume
snapshots.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VolumeSnapshotLocationSpec defines the specification for
a Velero VolumeSnapshotLocation.
properties:
config:
additionalProperties:
type: string
description: Config is for provider-specific configuration fields.
type: object
provider:
description: Provider is the provider of the volume storage.
type: string
required:
- provider
type: object
status:
description: VolumeSnapshotLocationStatus describes the current status
of a Velero VolumeSnapshotLocation.
properties:
phase:
description: VolumeSnapshotLocationPhase is the lifecycle phase
of a Velero VolumeSnapshotLocation.
enum:
- Available
- Unavailable
type: string
type: object
type: object
served: true
storage: true
- apiVersion: v1
  kind: Namespace
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
  spec: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
  subjects:
  - kind: ServiceAccount
    name: velero
    namespace: velero
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
    namespace: velero
- apiVersion: v1
  data:
    cloud: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPW1pbmlvYWRtaW4KYXdzX3NlY3JldF9hY2Nlc3Nfa2V5PW1pbmlvYWRtaW4K
  kind: Secret
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: cloud-credentials
    namespace: velero
  type: Opaque
- apiVersion: velero.io/v1
  kind: BackupStorageLocation
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: default
    namespace: velero
  spec:
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: http://192.168.123.11:39111
    default: true
    objectStorage:
      bucket: velero
    provider: aws
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
    namespace: velero
  spec:
    selector:
      matchLabels:
        deploy: velero
    strategy: {}
    template:
      metadata:
        annotations:
          prometheus.io/path: /metrics
          prometheus.io/port: "8085"
          prometheus.io/scrape: "true"
        creationTimestamp: null
        labels:
          component: velero
          deploy: velero
      spec:
        containers:
        - args:
          - server
          - --features=
          command:
          - /velero
          env:
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: VELERO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: LD_LIBRARY_PATH
            value: /plugins
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /credentials/cloud
          - name: AWS_SHARED_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: AZURE_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
          image: velero/velero:v1.9.4
          imagePullPolicy: IfNotPresent
          name: velero
          ports:
          - containerPort: 8085
            name: metrics
          resources:
            limits:
              cpu: "1"
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 128Mi
          volumeMounts:
          - mountPath: /plugins
            name: plugins
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
        initContainers:
        - image: velero/velero-plugin-for-aws:v1.5.0
          imagePullPolicy: IfNotPresent
          name: velero-velero-plugin-for-aws
          resources: {}
          volumeMounts:
          - mountPath: /target
            name: plugins
        restartPolicy: Always
        serviceAccountName: velero
        volumes:
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: restic
    namespace: velero
  spec:
    selector:
      matchLabels:
        name: restic
    template:
      metadata:
        creationTimestamp: null
        labels:
          component: velero
          name: restic
      spec:
        containers:
        - args:
          - restic
          - server
          - --features=
          command:
          - /velero
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: VELERO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /credentials/cloud
          - name: AWS_SHARED_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: AZURE_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
          image: velero/velero:v1.9.4
          imagePullPolicy: IfNotPresent
          name: restic
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
          - mountPath: /host_pods
            mountPropagation: HostToContainer
            name: host-pods
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
        securityContext:
          runAsUser: 0
        serviceAccountName: velero
        volumes:
        - hostPath:
            path: /var/lib/kubelet/pods
          name: host-pods
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials
    updateStrategy: {}
kind: List
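Apply the deployment manifest above and the installation finishes quickly. Check the following pods; if they are all Running, the installation is complete: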
bash
[root@node4 ~]# k get po -n velero
NAME READY STATUS RESTARTS AGE
restic-2wkqs 1/1 Running 0 5h54m
restic-kw2wl 1/1 Running 0 5h54m
restic-qv6rn 1/1 Running 0 5h54m
restic-ssfrg 1/1 Running 0 5h54m
velero-fbb9469f6-vf4z5 1/1 Running 0 5h54m
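The manifest above carries several settings worth reviewing before it is used outside a lab: the velero ServiceAccount is bound to cluster-admin, the cloud-credentials Secret is only base64-encoded, the S3 endpoint uses http, and the restic DaemonSet runs as UID 0 with a hostPath mount. The following is an added example, not part of the original article or of Velero; the rule names and the `Finding` type are made up for illustration, and the input is a constructed JSON excerpt of the manifest.

```python
import base64
import configparser
import json
from typing import NamedTuple
from urllib.parse import urlparse

# Constructed excerpt: only the objects and fields the checks read, copied from
# the manifest above and re-typed as JSON so no YAML library is needed.
MANIFEST = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "velero"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "velero", "namespace": "velero"}]},
  {"kind": "Secret", "metadata": {"name": "cloud-credentials", "namespace": "velero"},
   "data": {"cloud": "W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPW1pbmlvYWRtaW4KYXdzX3NlY3JldF9hY2Nlc3Nfa2V5PW1pbmlvYWRtaW4K"}},
  {"kind": "BackupStorageLocation", "metadata": {"name": "default", "namespace": "velero"},
   "spec": {"provider": "aws", "config": {"s3Url": "http://192.168.123.11:39111"}}},
  {"kind": "DaemonSet", "metadata": {"name": "restic", "namespace": "velero"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "restic"}],
     "securityContext": {"runAsUser": 0},
     "volumes": [{"name": "host-pods", "hostPath": {"path": "/var/lib/kubelet/pods"}}]}}}}
]}
""")

# MinIO's out-of-the-box root user and password.
DEFAULT_CREDENTIALS = {"minioadmin"}


class Finding(NamedTuple):  # hypothetical result type for this example
    rule: str
    target: str
    detail: str


def target_of(obj):
    meta = obj.get("metadata", {})
    ns = meta.get("namespace")
    return f"{obj.get('kind')}/{ns + '/' if ns else ''}{meta.get('name', '?')}"


def check_binding(obj):
    """A backup tool bound to cluster-admin can read and write every object."""
    if obj.get("roleRef", {}).get("name") != "cluster-admin":
        return
    for subject in obj.get("subjects", []):
        if subject.get("kind") == "ServiceAccount":
            who = f"{subject.get('namespace')}/{subject.get('name')}"
            yield Finding("cluster-admin-binding", target_of(obj),
                          f"ServiceAccount {who} is bound to cluster-admin")


def check_secret(obj):
    """Decode each data value as an AWS-style credentials file and compare."""
    for key, encoded in obj.get("data", {}).items():
        ini = configparser.ConfigParser(interpolation=None)
        try:
            ini.read_string(base64.b64decode(encoded, validate=True).decode("utf-8"))
        except (ValueError, configparser.Error):
            continue  # not base64 text in INI form: nothing to compare
        for section in ini.sections():
            for option in ("aws_access_key_id", "aws_secret_access_key"):
                if ini.get(section, option, fallback=None) in DEFAULT_CREDENTIALS:
                    yield Finding("default-credentials", target_of(obj),
                                  f"data.{key} [{section}] {option} is a vendor default")


def check_storage_location(obj):
    """Backups contain Secrets, so the object-store hop should be TLS."""
    url = obj.get("spec", {}).get("config", {}).get("s3Url", "")
    if urlparse(url).scheme == "http":
        yield Finding("plaintext-s3-endpoint", target_of(obj),
                      f"s3Url {url} sends credentials and backups without TLS")


def check_workload(obj):
    """Root in the pod plus a hostPath volume gives root access to node files."""
    pod = obj.get("spec", {}).get("template", {}).get("spec", {})
    host_paths = [v["hostPath"]["path"] for v in pod.get("volumes", []) if "hostPath" in v]
    users = [pod.get("securityContext", {}).get("runAsUser")]
    users += [c.get("securityContext", {}).get("runAsUser") for c in pod.get("containers", [])]
    if host_paths and 0 in users:
        yield Finding("root-with-hostpath", target_of(obj),
                      f"runs as UID 0 with hostPath {', '.join(host_paths)}")


CHECKS = {
    "ClusterRoleBinding": check_binding,
    "Secret": check_secret,
    "BackupStorageLocation": check_storage_location,
    "DaemonSet": check_workload,
    "Deployment": check_workload,
}


def audit(manifest):
    """Run every check that applies to each object of a `kind: List` manifest."""
    findings = []
    for obj in manifest.get("items", []):
        check = CHECKS.get(obj.get("kind"))
        if check:
            findings.extend(check(obj))
    return findings


if __name__ == "__main__":
    for finding in audit(MANIFEST):
        print(f"{finding.rule:24} {finding.target:42} {finding.detail}")
```

The restic DaemonSet needs the hostPath mount to read pod volumes, so that finding is something to accept knowingly rather than remove; the credentials, the endpoint scheme and the cluster-admin binding are the settings that can be changed.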
4.
Full backup of all Kubernetes cluster resources
bash
[root@node4 ~]# v backup create test
Backup request "test" submitted successfully.
Run `velero backup describe test` or `velero backup logs test` for more details.
Check whether the backup succeeded (only a backup in the Completed state is successful; backups in any other state are unusable):
bash
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
test Completed 0 0 2023-12-30 20:31:18 +0800 CST 29d default <none>
View the backup details:
The details show that all resources were backed up, 487 items in total.
bash
[root@node4 ~]# v backup describe test
Name: test
Namespace: velero
Labels: velero.io/storage-location=default
Annotations: velero.io/source-cluster-k8s-gitversion=v1.23.16
velero.io/source-cluster-k8s-major-version=1
velero.io/source-cluster-k8s-minor-version=23
Phase: Completed
Errors: 0
Warnings: 0
Namespaces:
Included: *
Excluded: <none>
Resources:
Included: *
Excluded: <none>
Cluster-scoped: auto
Label selector: <none>
Storage Location: default
Velero-Native Snapshot PVs: auto
TTL: 720h0m0s
Hooks: <none>
Backup Format Version: 1.1.0
Started: 2023-12-30 20:31:18 +0800 CST
Completed: 2023-12-30 20:31:28 +0800 CST
Expiration: 2024-01-29 20:31:18 +0800 CST
Total items to be backed up: 487
Items backed up: 487
Velero-Native Snapshots: <none included>
The backup files downloaded from MinIO are all in JSON format.
Restore:
The restore targets are the following:
bash
[root@node4 nginx-app]# k get po -n nginx-example
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 81s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 81s
First delete the nginx-example namespace:
bash
[root@node4 nginx-app]# k delete ns nginx-example
namespace "nginx-example" deleted
Start the restore:
bash
[root@node4 nginx-app]# v restore create --from-backup=test
Restore request "test-20231230204606" submitted successfully.
Run `velero restore describe test-20231230204606` or `velero restore logs test-20231230204606` for more details.
Check the restore status:
As shown, the restore is in progress; wait a moment.
bash
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test InProgress 2023-12-30 20:46:06 +0800 CST <nil> 0 0 2023-12-30 20:46:06 +0800 CST <none>
bash
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test Completed 2023-12-30 20:46:06 +0800 CST 2023-12-30 20:46:52 +0800 CST 0 65 2023-12-30 20:46:06 +0800 CST <none>
Check the restore log; no output means the restore completed normally:
bash
[root@node4 nginx-app]# v restore logs test-20231230204606 |grep error
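Note: Velero's restore policy is to skip a target resource that already exists. During a restore it does not check fine details such as the image version. In other words, there is no rollback by overwriting, only rollback by deleting the resource first.
The log makes this conclusion fairly obvious: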
bash
[root@node4 nginx-app]# v restore logs test-20231230205200 |grep skip
time="2023-12-30T12:52:07Z" level=info msg="Restore of StorageClass, local-storage skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolume, minio skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolumeClaim, data-minio-0 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-24xhh skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-sj6wz skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-xzlz5 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, attachdetach-controller-token-fbrwk skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
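To see at a glance which objects a restore left untouched, the skip lines can be grouped by resource kind instead of read through `grep`. This is an added example, not part of the original article or of Velero; it assumes the log line format shown above, and the sample holds four lines copied from that output plus one constructed non-matching line.

```python
import re
import shlex
from collections import defaultdict

# Sample input: four lines copied from the log output above, plus one
# constructed line (its msg text is made up) that must not be counted.
SAMPLE_LOG = r'''
time="2023-12-30T12:52:07Z" level=info msg="Restore of StorageClass, local-storage skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolume, minio skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-24xhh skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, attachdetach-controller-token-fbrwk skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="constructed line that is not a skip" restore=velero/test-20231230205200
'''

# Matches the message text shown in the log output above.
SKIP_RE = re.compile(
    r"^Restore of (?P<kind>[^,]+), (?P<name>.+?) skipped: it already exists in the cluster"
)


def parse_logfmt(line):
    """Split one key=value / key="quoted value" log line into a dict."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: not a well-formed line
        return {}
    return dict(token.split("=", 1) for token in tokens if "=" in token)


def skipped_resources(log_text, restore=None):
    """Return {kind: sorted names} for every resource the restore skipped.

    `restore` optionally limits the result to one restore, written as it
    appears in the log's restore= field (namespace/name).
    """
    skipped = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_logfmt(line)
        if restore and fields.get("restore") != restore:
            continue
        match = SKIP_RE.match(fields.get("msg", ""))
        if match:
            skipped[match["kind"]].add(match["name"])
    return {kind: sorted(names) for kind, names in skipped.items()}


def summarize(skipped):
    """One line per kind, most-skipped kinds first."""
    ordered = sorted(skipped.items(), key=lambda item: (-len(item[1]), item[0]))
    return [f"{kind}: {len(names)} skipped ({', '.join(names)})" for kind, names in ordered]


if __name__ == "__main__":
    print("\n".join(summarize(skipped_resources(SAMPLE_LOG))))
```

The message does not include the namespace, so two same-named objects in different namespaces collapse into one entry.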
5.
Partial backup and restore with Velero:
Back up a single specified namespace
bash
[root@node4 nginx-app]# v backup create test1 --include-namespaces=nginx-example
Backup request "test1" submitted successfully.
Run `velero backup describe test1` or `velero backup logs test1` for more details.
View the backup details:
bash
[root@node4 nginx-app]# v backup describe test1
Name: test1
Namespace: velero
Labels: velero.io/storage-location=default
Annotations: velero.io/source-cluster-k8s-gitversion=v1.23.16
velero.io/source-cluster-k8s-major-version=1
velero.io/source-cluster-k8s-minor-version=23
Phase: Completed
Errors: 0
Warnings: 0
Namespaces:
Included: nginx-example
Excluded: <none>
Resources:
Included: *
Excluded: <none>
Cluster-scoped: auto
Label selector: <none>
Storage Location: default
Velero-Native Snapshot PVs: auto
TTL: 720h0m0s
Hooks: <none>
Backup Format Version: 1.1.0
Started: 2023-12-30 21:25:02 +0800 CST
Completed: 2023-12-30 21:25:04 +0800 CST
Expiration: 2024-01-29 21:25:02 +0800 CST
Total items to be backed up: 23
Items backed up: 23
Velero-Native Snapshots: <none included>
Restore from this backup and check the result:
bash
[root@node4 nginx-app]# k delete ns nginx-example
namespace "nginx-example" deleted
[root@node4 nginx-app]# v restore create --from-backup=test1
Restore request "test1-20231230212744" submitted successfully.
Run `velero restore describe test1-20231230212744` or `velero restore logs test1-20231230212744` for more details.
[root@node4 nginx-app]# k get po -n nginx-example
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 4s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 4s
Restore this backup into a different namespace, nginx1, to migrate it:
bash
[root@node4 nginx-app]# v restore create --from-backup=test1 --namespace-mappings nginx-example:nginx1
Restore request "test1-20231230220044" submitted successfully.
Run `velero restore describe test1-20231230220044` or `velero restore logs test1-20231230220044` for more details.
[root@node4 nginx-app]# v restore get
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
test-20231230204606 test Completed 2023-12-30 20:46:06 +0800 CST 2023-12-30 20:46:52 +0800 CST 0 65 2023-12-30 20:46:06 +0800 CST <none>
test-20231230205200 test Completed 2023-12-30 20:52:00 +0800 CST 2023-12-30 20:52:52 +0800 CST 0 65 2023-12-30 20:52:00 +0800 CST <none>
test-20231230212059 test Completed 2023-12-30 21:20:59 +0800 CST 2023-12-30 21:21:46 +0800 CST 0 67 2023-12-30 21:20:59 +0800 CST <none>
test1-20231230212744 test1 Completed 2023-12-30 21:27:44 +0800 CST 2023-12-30 21:27:50 +0800 CST 0 1 2023-12-30 21:27:44 +0800 CST <none>
test1-20231230220044 test1 Completed 2023-12-30 22:00:44 +0800 CST 2023-12-30 22:00:50 +0800 CST 0 1 2023-12-30 22:00:44 +0800 CST <none>
[root@node4 nginx-app]# k get po -n nginx1
NAME READY STATUS RESTARTS AGE
nginx-deployment-5c844b66c8-7rrz8 1/1 Running 0 22s
nginx-deployment-5c844b66c8-szbg4 1/1 Running 0 22s
Of course, a single namespace can also be pulled out of the full backup test and restored:
bash
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings nginx-example:nginx3
Restore request "test-20231230220230" submitted successfully.
Run `velero restore describe test-20231230220230` or `velero restore logs test-20231230220230` for more details.
bash
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings kube-system:nginx3
Restore request "test-20231230220613" submitted successfully.
Run `velero restore describe test-20231230220613` or `velero restore logs test-20231230220613` for more details.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-84897d7cdf-crnmk 0/1 ContainerCreating 0 1s
calico-node-2m7hp 0/1 Init:0/2 0 1s
calico-node-5ztjk 0/1 Init:0/2 0 1s
calico-node-96dmb 0/1 Init:0/2 0 1s
calico-node-rqp2p 0/1 Init:0/2 0 0s
coredns-b7c47bcdc-6vdk2 0/1 ContainerCreating 0 0s
coredns-b7c47bcdc-db9cp 0/1 ContainerCreating 0 0s
kube-proxy-649mn 0/1 Pending 0 0s
kube-proxy-7q7ts 0/1 ContainerCreating 0 0s
kube-proxy-dmd7v 0/1 Pending 0 0s
Backing up an individual pod does not require Velero; kubectl get deploy -n namespace -oyaml is enough.
Note:
velero restore does not overwrite existing resources; it only restores resources that do not exist in the current cluster. Existing resources are not rolled back to an earlier version; to roll back, delete the existing resources before running the restore.
--include-resources
Back up all deployments in the cluster:
velero backup create <backup-name> --include-resources deployments
Restore all deployments and configmaps in the cluster:
velero restore create --from-backup <backup-name> --include-resources deployments,configmaps
Back up the deployments in a namespace:
velero backup create <backup-name> --include-resources deployments --include-namespaces <namespace>
--selector
Include resources that match a label selector:
velero backup create <backup-name> --selector <key>=<value>
Excludes
Exclude specific resources from a backup. Wildcard excludes are ignored.
--exclude-namespaces
Exclude kube-system from the cluster backup:
velero backup create <backup-name> --exclude-namespaces kube-system
Exclude two namespaces during a restore:
velero restore create --from-backup <backup-name> --exclude-namespaces <namespace1>,<namespace2>
--exclude-resources
Exclude secrets from the backup:
velero backup create <backup-name> --exclude-resources secrets
Exclude secrets and rolebindings:
velero backup create <backup-name> --exclude-resources secrets,rolebindings
Scheduled automatic backups:
Note that the TTL expiry time saves some of the work of managing backup files; an ordinary backup can of course specify this expiry time as well.
bash
# Back up daily at 01:00
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *"
# Back up daily at 01:00 and keep each backup for 72 hours
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *" --ttl 72h
# Back up every 5 hours
velero create schedule <SCHEDULE NAME> --schedule="@every 5h"
# Back up a specific namespace (for example dev) once a day
velero create schedule <SCHEDULE NAME> --schedule="@every 24h" --include-namespaces dev
[root@node4 nginx-app]# v create schedule test --schedule="0 0 * * *" --ttl=72h
Schedule "test" created successfully.
[root@node4 nginx-app]# v schedule get
NAME STATUS CREATED SCHEDULE BACKUP TTL LAST BACKUP SELECTOR
test Enabled 2023-12-30 22:29:11 +0800 CST 0 0 * * * 72h0m0s n/a <none>