1.30部署minio
root@k8s-harbor:/etc/kubeasz/clusters/k8s-cluster1# docker run \
-d --restart=always
-p 9000:9000
-p 9090:9090
--name minio
-v /data/minio/data:/data -e "MINIO_ROOT_USER=admin" -e "MINIO_ROOT_PASSWORD=12345678" quay.io/minio/minio server /data --console-address "0.0.0.0:9090"
2a7094a739e28f5bb59eb9da5e3db0960ea002d611d732b822d3cce9af87b26f
在master部署velero
wget https://github.com/vmware-tanzu/velero/releases/download/v1.9.0/velero-v1.9.0-linux-amd64.tar.gz
tar xf velero-v1.9.0-linux-amd64.tar.gz
cd velero-v1.9.0-linux-amd64/
cp velero /usr/bin/
echo 'source <(velero completion bash)' >>~/.bashrc
source .bashrc
velero --help
bash
mkdir -p /data/velero
cd /data/velero
vim velero-auth.txt
[default]
aws_access_key_id = admin
aws_secret_access_key = 12345678部署velero
配置velero访问minio
mkdir -p /data/velero
cd /data/velero
vim velero-auth.txt
default
aws_access_key_id = admin
aws_secret_access_key = Passw0rd
配置velero访问k8s
openssl genrsa --out velero-user.key 2048
openssl req -new -key velero-user.key
-out velero-user.csr
-subj "/CN=velero-user/O=k8s"
openssl x509 -req -days 3650
-CA /etc/kubernetes/ssl/ca.pem
-CAkey /etc/kubernetes/ssl/ca-key.pem -CAcreateserial
-in velero-user.csr -out velero-user.crt
rm -f velero-user.csr
准备kubeconfig认证文件
kubectl config set-cluster k8s-cluster1 --embed-certs
--server=https://192.168.1.24:6443 -
-certificate-authority=/etc/kubernetes/ssl/ca.pem
--kubeconfig=/data/velero/velero-user.config
kubectl config set-credentials velero-user --embed-certs
--client-certificate=/data/velero/velero-user.crt
--client-key=/data/velero/velero-user.key
--kubeconfig=/data/velero/velero-user.config
kubectl config set-context velero-user@k8s-cluster1
--cluster=k8s-cluster1 --user=velero-user
--kubeconfig=/data/velero/velero-user.config
kubectl config use-context velero-user@k8s-cluster1 --kubeconfig=/data/velero/velero-user.config
为velero-user用户授权
kubectl create clusterrolebinding velero-user@clusteradmin --clusterrole=cluster-admin --user=velero-user
安装
kubectl create ns velero-system
velero install --kubeconfig /data/velero/velero-user.config
--provider aws
--plugins velero/velero-plugin-for-aws:v1.3.1
--bucket velero-data
--secret-file /data/velero/velero-auth.txt
--use-volume-snapshots=false
--namespace velero-system \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.1.30:9000
查看安装成功
备份默认名称空间
bash
DATE=`date +%Y%m%d%H%M%S`
velero backup create default-ns-backup-${DATE} \
--include-cluster-resources=true \
--include-namespaces default \
--namespace velero-system \
--kubeconfig=/data/velero/velero-user.config查看备份状态
velero backup get -n velero-system
velero backup create default-ns-backup-${DATE}
--include-cluster-resources=true
--include-namespaces monitoring
--namespace velero-system
--kubeconfig=/data/velero/velero-user.config