K8s学习笔记(五) Velero结合minnio业务数据备份与恢复

能不能别报错2025-09-25 14:00

K8s学习笔记(五) Velero结合minnio数据备份与恢复

Velero(曾用名 Heptio Ark)是一款开源的 Kubernetes 集群数据备份与恢复工具,支持集群资源(Deployment、Service 等)和持久化存储数据(PV/PVC)的备份;MinIO 是兼容 S3 协议的对象存储服务,可作为 Velero 的备份存储后端,实现备份数据的集中存储与管理。本文将从原理、环境准备、部署配置、备份恢复操作及最佳实践等维度,全面讲解两者结合的方案。

1 部署minio

1.1 安装docker

1.2 拉取minio镜像

bash 复制代码 
docker pull  minio/minio:RELEASE.2022-04-12T06-55-35Z

1.3 创建数据目录

bash 复制代码 
root@master1:~# mkdir /date/minio

1.4 创建minio容器

bash 复制代码 
root@master1:~# docker run --name minio \
> -p 9000:9000 \
> -p 9999:9999 \
> -d --restart=always \
> -e "MINIO_ROOT_USER=admin" \
> -e "MINIO_ROOT_PASSWORD=12345678" \
> -v /data/minio/data:/data \
> minio/minio:RELEASE.2022-04-12T06-55-35Z server /data \
> --console-address '0.0.0.0:9999'
99b95868de5c3fd962fdec5fa63df5b7cdb834788e46824de7d4fb183a74dbb6
root@master1:~# docker ps
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS                                            NAMES
99b95868de5c        minio/minio:RELEASE.2022-04-12T06-55-35Z   "/usr/bin/docker-ent..."   3 minutes ago       Up 3 minutes        0.0.0.0:9000->9000/tcp, 0.0.0.0:9999->9999/tcp   minio

1.4 访问web页面创建velerodata

2 部署velero

2.1 下载安装包并解压

bash 复制代码 
root@master1:/opt/velero# wget https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
--2025-09-24 13:26:12--  https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
Connecting to 192.168.121.1:7890... connected.
Proxy request sent, awaiting response... 302 Found
Location: https://release-assets.githubusercontent.com/github-production-release-asset/99143276/2a4ee768-146c-4b85-99ab-ff0b428e2b21?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-09-24T06%3A11%3A19Z&rscd=attachment%3B+filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-09-24T05%3A10%3A39Z&ske=2025-09-24T06%3A11%3A19Z&sks=b&skv=2018-11-09&sig=7c1wPTpdDW9LlyMvbUHlRaeDyEHQgZG9LcHfzDf2fg0%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1ODY5MTg3MiwibmJmIjoxNzU4NjkxNTcyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.mAx5WKv284OZkedCa5DnRSfRULF6p2LCVu1bZQ4gEkM&response-content-disposition=attachment%3B%20filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2025-09-24 13:26:13--  https://release-assets.githubusercontent.com/github-production-release-asset/99143276/2a4ee768-146c-4b85-99ab-ff0b428e2b21?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-09-24T06%3A11%3A19Z&rscd=attachment%3B+filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-09-24T05%3A10%3A39Z&ske=2025-09-24T06%3A11%3A19Z&sks=b&skv=2018-11-09&sig=7c1wPTpdDW9LlyMvbUHlRaeDyEHQgZG9LcHfzDf2fg0%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1ODY5MTg3MiwibmJmIjoxNzU4NjkxNTcyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.mAx5WKv284OZkedCa5DnRSfRULF6p2LCVu1bZQ4gEkM&response-content-disposition=attachment%3B%20filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Connecting to 192.168.121.1:7890... connected.
Proxy request sent, awaiting response... 200 OK
Length: 29570064 (28M) [application/octet-stream]
Saving to: 'velero-v1.8.1-linux-amd64.tar.gz'

velero-v1.8.1-linux-amd64.tar.gz                                      100%[=======================================================================================================================================================================>]  28.20M  4.86MB/s    in 6.9s    

2025-09-24 13:26:20 (4.09 MB/s) - 'velero-v1.8.1-linux-amd64.tar.gz' saved [29570064/29570064]

root@master1:/opt/velero# tar xvf velero-v1.8.1-linux-amd64.tar.gz 
velero-v1.8.1-linux-amd64/LICENSE
velero-v1.8.1-linux-amd64/examples/README.md
velero-v1.8.1-linux-amd64/examples/minio
velero-v1.8.1-linux-amd64/examples/minio/00-minio-deployment.yaml
velero-v1.8.1-linux-amd64/examples/nginx-app
velero-v1.8.1-linux-amd64/examples/nginx-app/README.md
velero-v1.8.1-linux-amd64/examples/nginx-app/base.yaml
velero-v1.8.1-linux-amd64/examples/nginx-app/with-pv.yaml
velero-v1.8.1-linux-amd64/velero

# 将解压内容复制到bin目录
root@master1:/opt/velero# cp velero-v1.8.1-linux-amd64/velero  /usr/local/bin/

2.2 配置velero认证环境

bash 复制代码 
# 创建工作目录
root@master1:/opt/velero/velero-v1.8.1-linux-amd64# mkdir /data/velero -p
# 创建认证文件
root@master1:/data/velero# vim velero-auth.txt
# 准备user-csr文件
root@master1:/data/velero# vim awsuser-csr.json
{
  "CN": "awsuser",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
# 准备证书签发环境
root@master1:/data/velero# apt install golang-cfssl
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
root@master1:/data/velero# mv cfssl-certinfo_1.6.1_linux_amd64 cfssl-certinfo
root@master1:/data/velero# mv cfssl_1.6.1_linux_amd64 cfssl
root@master1:/data/velero# mv cfssljson_1.6.1_linux_amd64 cfssljson
root@master1:/data/velero# ls
awsuser-csr.json  cfssl  cfssl-certinfo  cfssljson  velero-auth.txt
root@master1:/data/velero# cp cfssl-certinfo cfssl cfssljson /usr/local/bin/
root@master1:/data/velero# chmod +x /usr/local/bin/cfssl*

# master1节点执行证书签发
root@master1:/data/velero# /usr/local/bin/cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem -ca-key=/etc/kubernetes/ssl/ca-key.pem -config=/etc/kubeasz/clusters/k8s-01/ssl/ca-config.json -profile=kubernetes ./awsuser-csr.json | cfssljson -bare awsuser
2025/09/24 13:42:28 [INFO] generate received request
2025/09/24 13:42:28 [INFO] received CSR
2025/09/24 13:42:28 [INFO] generating key: rsa-2048
2025/09/24 13:42:28 [INFO] encoded CSR
2025/09/24 13:42:28 [INFO] signed certificate with serial number 516389167219572575663844410033161087693372577485
2025/09/24 13:42:28 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

root@master1:/data/velero# ll
total 40252
drwxr-xr-x 2 root root      166 Sep 24 13:42 ./
drwxr-xr-x 3 root root       20 Sep 24 13:37 ../
-rw-r--r-- 1 root root      221 Sep 24 13:40 awsuser-csr.json
-rw------- 1 root root     1675 Sep 24 13:42 awsuser-key.pem        # 私钥
-rw-r--r-- 1 root root      997 Sep 24 13:42 awsuser.csr      
-rw-r--r-- 1 root root     1387 Sep 24 13:42 awsuser.pem            # 公钥
-rw-r--r-- 1 root root 16659824 Sep 24 13:40 cfssl
-rw-r--r-- 1 root root 13502544 Sep 24 13:40 cfssl-certinfo
-rw-r--r-- 1 root root 11029744 Sep 24 13:40 cfssljson
-rw-r--r-- 1 root root       70 Sep 24 13:40 velero-auth.txt
# 分发证书到api-server证书路径
root@master1:/data/velero# cp awsuser-key.pem /etc/kubernetes/ssl/
root@master1:/data/velero# cp awsuser.pem /etc/kubernetes/ssl/

# 生成集群认证config文件
root@master1:/data/velero# kubectl config set-cluster kubernetes \
> --certificate-authority=/etc/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=./awsuser.kubeconfig
Cluster "kubernetes" set.

# 设置客户端证书认证:
root@master1:/data/velero# kubectl config set-credentials awsuser \
> --client-certificate=/etc/kubernetes/ssl/awsuser.pem \
> --client-key=/etc/kubernetes/ssl/awsuser-key.pem \
> --embed-certs=true \
> --kubeconfig=./awsuser.kubeconfig
User "awsuser" set.
root@master1:/data/velero# vim awsuser.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVZDVqR0VuQ1huSHkvNmozRUZ6ZDA2V0hBQ1RVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qVXdPVEl4TURneU1EQXdXaGdQTWpFeU5UQTRNamd3T0RJd01EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTAwS1NjQlJEV3dxN1h0NWkwTnlydk1WZFBKY2gKdVVoMzFLa2hMR3VOd1FVbUZJT1hHbGVYS1c5SjlPR2VMS1l6ZVhWUVNLWkNsb2x5cXQvUFAvVHVtb1J3OHpnZApMQVFSWHozLyt0NWY2MlRnZmVsZHR6OUtuU3FJNzlsNWlvYU12b3FBNURaNkNBd0Z6czhLMWg2Yko4UkFPZWRvCmQyQTJPcXNGcThwem5FRTJCL01sRkxZZk1ROGdJN0ZjbWdvUExNVldoUThqRW5IRTRzemsxWmc3MS9TT25FVHkKa1pmZEtWV2tac0J1TnJ1U1NDZHhzcVpEYW81eVVaVFJIVTdBYXAxRjhwUk9wVWFnSUhja1NFck5xa3pGRDNWMwpyQkhZZWcrSHBvb2xRVis4ZEhZWGZFUjFWMXUxdEI4a2xhR25NSGMvOEZuOTlxSHcyMDI4KzlvRjN3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKbGc4M1NmZjdNVGdHQjc4Nk5JYjFrd1FKWjVZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFbjFPUEVDRlkwSwpKYXpJemtMSDd1ZnZPdG1wWnM1Mk1wVEhNTGRpRDhZQ1J1ZXhTUFJRRVBqRVB2OTlSc2lnanVIL1V1dlFlcDNFCjhWVkcvTEx6a2hyRndJTWtjYkVTWHRFTmxJY0ZlelhlZ2ZNbnhjSXdwMjNVSHdYRUxTeS9ieGVVUTF5TWdZaEoKQ3BTQ1lUb1RKRCtTYVhMNjV5TGkzK1dNUXlDQjlIejl3Ui8xMFdKUFJjd1IvYUlBbUN4cTZROUQzNjVkU0lCNgpOMkI0a2VBRURoTUdGTmQ1RFpYd3J1ZmVBR1kra241Z3VzaXVkWnJyMERpbFFubUVRSFhWKzRDVG1tRnBzVU1GCkpNRnhkRGhRR2kwSWJOVFUxRk9MSFYzQUUwcHZpM2crSXNZNTNDVGMzQkg5RllFTDJVYVJ3d0VwNy9reEtvMWoKSjA0dkhJTWxzelk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://192.168.121.101:6443
  name: kubernetes
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: awsuser
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwakNDQXJxZ0F3SUJBZ0lVV25PdzdEc29QcDVNUW1jb25WUWxUOWxNMXMwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qVXdPVEkwTURVek56QXdXaGdQTWpBM05UQTVNVEl3TlRNM01EQmFNR0l4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURVFNQTRHQTFVRUF4TUhZWGR6ZFhObGNqQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOV1NOaHphWVB2aEQwbjZpSEVVM05ZMnZMd3kKUFZEdndXYmg5c2lOZ0loOStHRzR4L09DTTVCdlJQc0dQNTd4c2FldWVGUTFvS1YzbGtzeVZNZWVEcTZTNFlucQpjeUxUZng1NUZ1ZkgwRnI0NVpNRDRUdWhSeTdtQWtBaXNPbStxa1IxL2RkN1JRa0xtaUJONWpTdzExRnlwRjFMCktZejcrcndrWmMxMHg3UGdpOG82K3ppb3NmWVlTdUdCSCtadU9CZExOdW11OEI3Z3ljeE5iVTYrSkgxRnpqTXoKWXFyTzlGVFpMY28rMk5YNGNrajRmM09qQWRFZWMyMnlkWU9QMzdBM2dBelBnMm9Lbi8ySEJvVGU1MUdIUHNINQpCNjZLWkpyVmRvcytmem45MWNFajliUXV2TW5mdXA0S0N6MFdyMVFYSy9FV0NIcm82UFhGN0J6WjI3a0NBd0VBCkFhTi9NSDB3RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWREZ1FXQkJURDFyaEdvM1Q4UHE1NTdscElmNlE3WjN5TwpNakFmQmdOVkhTTUVHREFXZ0JTV0R6ZEo5L3N4T0FZSHZ6bzBodldUQkFsbmxqQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBR20xTENoT0t1M1YwUFB2bUtSb3pCV2tzL1VHM25FODM5K1k0Q3lJY3BBQ0NvVnA1aklGQjdUQWYKdTludEJUU3FTOWVDSVlsLzNaRzk0Y3h6ZmlVRDNwV2lvZDBWYkF6MlVuWnNoUTU4WTFrMlRwOFA5NCtPRXpjUApmQXdrWW03WlFlSHZTV2NwdTZwSHp0aFZIdlZQM2NPRWZEbG5keWtNbWFkd3ZXZTNZc0NaUGswTnBBTlI1eG5qCk8xRW1wUlVBSkxGRjEvb25KelZmZkdZd053UlFRSXdPYzcrekZoenFyQ0lES1dzZkp5a3VLdHhOZWt0cFBkMHkKblltaXVUR1NPTVdhVGxFMkxQeG85WGpXbXQxakFPbytBQ2RrUDZGQ3FGTnlMbDhBTjRJTE9KbEJya0xVZm5CTgpDTjNWTUtIam9CVjEyNUJDL3JIVEdjaFU4MGdBVFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMVpJMkhOcGcrK0VQU2ZxSWNSVGMxamE4dkRJOVVPL0JadUgyeUkyQWlIMzRZYmpICjg0SXprRzlFK3dZL252R3hwNjU0VkRXZ3BYZVdTekpVeDU0T3JwTGhpZXB6SXROL0hua1c1OGZRV3ZqbGt3UGgKTzZGSEx1WUNRQ0t3NmI2cVJIWDkxM3RGQ1F1YUlFM21OTERYVVhLa1hVc3BqUHY2dkNSbHpYVEhzK0NMeWpyNwpPS2l4OWhoSzRZRWY1bTQ0RjBzMjZhN3dIdURKekUxdFRyNGtmVVhPTXpOaXFzNzBWTmt0eWo3WTFmaHlTUGgvCmM2TUIwUjV6YmJKMWc0L2ZzRGVBRE0rRGFncWYvWWNHaE43blVZYyt3ZmtIcm9wa210VjJpejUvT2YzVndTUDEKdEM2OHlkKzZuZ29MUFJhdlZCY3I4UllJZXVqbzljWHNITm5idVFJREFRQUJBb0lCQUY4dm1EQ0ozL25DMkFhWAp3NkhxczNaQjFTSm5uYzVwM1IvV2pCL2NlVEhjT3d5S3g0c3ZOMzRqS1hKYjJaVWtrWkp6Znl2QTd3VndaQ3JGCmx1V1UrMlF4RUpaZ1NNcDN5c3N4R3RWWXgvTVR4WFlkbjQvdEZJWEJlN1ZNQU45YzNCUkJKazZZb1M4ajNhQ1MKTjR5NldHenpsSEFFSk5PeUpwRWVBOFZyUytwTjA4SVozVnQzT3JMdzllRStjK2VqWGdXRjRVSktMNkI3eUY3eApYOE9ESmh6MXRqQWhaYWZyWUk0ZzYxWm1rNnNicjBpRWdCaDBDK3NvRjA4MWhlTXVPWThpeStnVW5xdmR2VlpuCjB0NGlITi9ySS9oSFJvWUZLbmdiUldJN3lmUEp0bllPdG5LSnJQeDdaS3hjbFRYZ3RZTTRwU1l3dkNyek04dDcKSTFLamlkRUNnWUVBL1pvZ3dpYnNOUnA1MmtPdk5SWWxWVVhyZ1hmdzNxWk51Q0ZJNTVQQ0Yra09YTmROMmxreApWWWxBMXp6WStOYXVEVEZ5bWVjcDA5RlFzb0JvenBhOVhZV0JCRUVzYnRmZWJtL2ZrMWdDSmtsQmlYdWYyalVYClVxREUvVUZzR2NEdDRhNkpLaU4zSVMrMEJIYVpQWWdtd3ZrQms5bG94UUJ3Tk5TUy96K0NhbjBDZ1lFQTE1Y3YKSVgxMm9rTlFVdjJ1ckpnY2RCQVZpOC9UR29UT1dCVjBmWTNmOW1MeHpLYUwvUDh0WVFLczRMaDhEcUJ3WGlHVAo1WmZMdGdNMFNOV0wzYzArTy9nc2pyZ0xQMmcvc1UrZ2V0T3p1QXhxOExxZGNna3dVT3VtTHU5elRQOWhTUG5ECnlDNFhFTGhGOFMwRE40cTZlN0NVZExRRWdHS1lEbU56Sk5ZUFB1MENnWUFmNzVIaWdUNUxyYXJjcHB0Z3h3b3EKZytTVmFFSkg5NDlmK2FrUnFKVFBxQVNzQWwwR2V5YndTNW1Ed1dEZGJVTjcyOWMvdEZHYklBZldncjh3RE9HSgo3bThCMXljK1NpYnpwMWp6V0NqbEkyS0NhclFGcVp2blJ1R250dDVqRzkyWkJ2NjA5TVJpeEh3Wjk4bHlhenZlClg3Y29KRC9DVnp6S0dsN3NqOVhmalFLQmdFazhnM2MxL3JINmVmUG5WNG9zRmlaYlBHYUZUK3BIU1MxbEJIQ08KWEpGL1pUS25OUkRad3BtYzVndGt3RWZidXJCUGFjVnB2bnJ6TmJTMFRsSW5vY2VQYzl0N3E5NTdWSCt3VkF6RgprOXltNDBFcHM4aUVWSlI0cUxoekFWRWJ3L21kVnlQT2ZHbGluK2ZnNmFIWmo2WHJBMU50djhXNU9IeFN6aytxCkkvMjFBb0dBR2NzdkNpM1VvcmZiMmtucFBqTTdxalhpeFVxTzcxeDhzUzVWWXFYQWtqclJ4eUo3Yy9QY1ZZS2kKS1M3d3RPb0ViWXBQRWhXRW5ZUHp4VEpoUkxTZk5HSG1yb21GTEoxM0c2OTFuWXE4QjlGcUp0akE3Qkh0NGVFdQpBWENzK3RTS2NteGNaZFltcW8xWVlnK3piTmxNSk0weFl0d1k3QW94OXR5WURXVHBkVk09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

# 设置上下文参数
root@master1:/data/velero# kubectl config set-context kubernetes \
> --cluster=kubernetes \
> --user=awsuser \
> --namespace=velero-system \
> --kubeconfig=./awsuser.kubeconfig
Context "kubernetes" created.
# 设置默认上下文
root@master1:/data/velero# kubectl config use-context kubernetes --kubeconfig=awsuser.kubeconfig
Switched to context "kubernetes".

2.3 启动velero

bash 复制代码 
# k8s集群中创建awsuser账户
oot@master1:/data/velero# kubectl create clusterrolebinding awsuser --clusterrole=cluster-admin --user=awsuser
clusterrolebinding.rbac.authorization.k8s.io/awsuser created
#  创建namespace
root@master1:/data/velero#  kubectl create ns velero-system
namespace/velero-system created

# 执行安装
root@master1:/data/velero# velero --kubeconfig  ./awsuser.kubeconfig \
> install \
>     --provider aws \
>     --plugins velero/velero-plugin-for-aws:v1.3.1 \
>     --bucket velerodata  \
>     --secret-file ./velero-auth.txt \
>     --use-volume-snapshots=false \
> --namespace velero-system \
>     --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.121.106:9000
CustomResourceDefinition/backups.velero.io: attempting to create resource
CustomResourceDefinition/backups.velero.io: attempting to create resource client
CustomResourceDefinition/backups.velero.io: created
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource client
CustomResourceDefinition/backupstoragelocations.velero.io: created
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource client
CustomResourceDefinition/deletebackuprequests.velero.io: created
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource client
CustomResourceDefinition/downloadrequests.velero.io: created
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumebackups.velero.io: created
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumerestores.velero.io: created
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource client
CustomResourceDefinition/resticrepositories.velero.io: created
CustomResourceDefinition/restores.velero.io: attempting to create resource
CustomResourceDefinition/restores.velero.io: attempting to create resource client
CustomResourceDefinition/restores.velero.io: created
CustomResourceDefinition/schedules.velero.io: attempting to create resource
CustomResourceDefinition/schedules.velero.io: attempting to create resource client
CustomResourceDefinition/schedules.velero.io: created
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource client
CustomResourceDefinition/serverstatusrequests.velero.io: created
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource client
CustomResourceDefinition/volumesnapshotlocations.velero.io: created
Waiting for resources to be ready in cluster...
Namespace/velero-system: attempting to create resource
Namespace/velero-system: attempting to create resource client
Namespace/velero-system: already exists, proceeding
Namespace/velero-system: created
ClusterRoleBinding/velero-velero-system: attempting to create resource
ClusterRoleBinding/velero-velero-system: attempting to create resource client
ClusterRoleBinding/velero-velero-system: created
ServiceAccount/velero: attempting to create resource
ServiceAccount/velero: attempting to create resource client
ServiceAccount/velero: created
Secret/cloud-credentials: attempting to create resource
Secret/cloud-credentials: attempting to create resource client
Secret/cloud-credentials: created
BackupStorageLocation/default: attempting to create resource
BackupStorageLocation/default: attempting to create resource client
BackupStorageLocation/default: created
Deployment/velero: attempting to create resource
Deployment/velero: attempting to create resource client
Deployment/velero: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero-system' to view the status.

# 查看pod状态
root@master1:/data/velero# kubectl get pods -n velero-system
NAME                      READY   STATUS    RESTARTS   AGE
velero-6755cb8697-b87p9   1/1     Running   0          2m7s
# 验证安装
root@master1:/data/velero# kubectl  describe pod velero-6755cb8697-b87p9 -n velero-system  
Name:         velero-6755cb8697-b87p9
Namespace:    velero-system
Priority:     0
Node:         192.168.121.111/192.168.121.111
Start Time:   Wed, 24 Sep 2025 14:06:05 +0800
Labels:       component=velero
              deploy=velero
              pod-template-hash=6755cb8697
Annotations:  prometheus.io/path: /metrics
              prometheus.io/port: 8085
              prometheus.io/scrape: true
Status:       Running
IP:           10.200.166.162

3 namespace备份与恢复

3.1 备份

bash 复制代码 
# velero backup create 备份名 --include-namespaces(指定备份的namespace) myapp -n 指定velero所在的namespece
root@master1:/data/velero# kubectl get pods -A
NAMESPACE              NAME                                              READY   STATUS    RESTARTS       AGE
default                net-test2                                         1/1     Running   1 (15h ago)    2d18h
default                net-test3                                         1/1     Running   3 (15h ago)    2d18h
default                net-test4                                         1/1     Running   1 (15h ago)    21h
kube-system            calico-kube-controllers-754966f84c-nb8mt          1/1     Running   8 (15h ago)    2d21h
kube-system            calico-node-29mld                                 1/1     Running   4 (15h ago)    2d21h
kube-system            calico-node-4rnzt                                 1/1     Running   6 (15h ago)    2d21h
kube-system            calico-node-p4ddl                                 1/1     Running   4 (15h ago)    2d21h
kube-system            calico-node-rn7fk                                 1/1     Running   10 (15h ago)   2d21h
kube-system            coredns-7db6b45f67-ht47r                          1/1     Running   2 (15h ago)    43h
kube-system            coredns-7db6b45f67-xpzmr                          1/1     Running   3 (15h ago)    42h
kubernetes-dashboard   dashboard-metrics-scraper-69d947947b-94c4p        1/1     Running   4 (15h ago)    40h
kubernetes-dashboard   kubernetes-dashboard-744bdb9f9b-f2zns             1/1     Running   4 (15h ago)    40h
myapp                  linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0              92m
velero-system          velero-6755cb8697-b87p9                           1/1     Running   0              13m

root@master1:/data/velero# velero backup create chenjun666-20250924  --include-namespaces myapp -n velero-system
Backup request "chenjun666-20250924" submitted successfully.
Run `velero backup describe chenjun666-20250924` or `velero backup logs chenjun666-20250924` for more details.

# 定时任务脚本自动备份
root@master1:/data/velero# crontab -e 
* 0 * * * * DATE=`date +%Y%m%d%H%M%S` && velero backup create myapp-ns-backup-${DATE} --include-namespaces myapp --kubeconfig=./awsuser.kubeconfig --namespace velero-system
# 手动备份
root@master1:/data/velero# DATE=`date +%Y%m%d%H%M%S` && velero backup create myapp-ns-backup-${DATE} --include-namespaces myapp --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Backup request "myapp-ns-backup-20250924142245" submitted successfully.
Run `velero backup describe myapp-ns-backup-20250924142245` or `velero backup logs myapp-ns-backup-20250924142245` for more details.

web页面查看是否备份成功

3.2 恢复

bash 复制代码 
root@master1:/data/velero# kubectl get deployments.apps -n myapp 
NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
linux66-tomcat-app1-deployment   1/1     1            1           102m
root@master1:/data/velero# kubectl get svc -n myapp 
NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
linux66-tomcat-app1-service   ClusterIP   10.100.253.206   <none>        80/TCP    102m
root@master1:/data/velero# kubectl get pod -n myapp 
NAME                                              READY   STATUS    RESTARTS   AGE
linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0          102m

# 删除service
root@master1:/data/velero# kubectl delete svc linux66-tomcat-app1-service -n myapp
service "linux66-tomcat-app1-service" deleted
# 删除deployment
root@master1:/data/velero# kubectl delete deployments linux66-tomcat-app1-deployment -n myapp
deployment.apps "linux66-tomcat-app1-deployment" deleted

root@master1:/data/velero# kubectl get pods -n myapp
No resources found in myapp namespace.

# 恢复备份
root@master1:/data/velero# velero restore create --from-backup myapp-ns-backup-20250924142627 --wait --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Restore request "myapp-ns-backup-20250924142627-20250924145217" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.

Restore completed with status: Completed. You may check for more information using the commands `velero restore describe myapp-ns-backup-20250924142627-20250924145217` and `velero restore logs myapp-ns-backup-20250924142627-20250924145217`.

root@master1:/data/velero# kubectl get pods -n myapp
NAME                                              READY   STATUS    RESTARTS   AGE
linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0          27s
相关推荐
吃好睡好便好16 小时前
创建上三角矩阵和下三角矩阵
开发语言·学习·线性代数·matlab·矩阵
nashane16 小时前
HarmonyOS 6学习:异步操作中Toast提示框消失之谜与UIContext解决方案实战
学习·华为·harmonyos
知悟之旅16 小时前
你不是在舒适区,你在漂移
学习·生活
MaxineZhou16 小时前
AI学习记录
学习
Bechamz16 小时前
大数据开发学习Day41
大数据·学习
星夜夏空9916 小时前
STM32单片机学习(27) —— SPI相关概念
stm32·单片机·学习
万物皆字节16 小时前
【记录】安装nodejs,miniconda后本地设置
笔记
z2005093016 小时前
【linux学习】linux下进程状态和环境变量的解析
linux·运维·学习
智者知已应修善业17 小时前
【51单片机按键加减最大60显示0不再增加减到0不再减】2023-11-18
c++·经验分享·笔记·算法·51单片机
lunzi_082617 小时前
【学习笔记】《Python编程 从入门到实践》第1章:Python环境搭建与Hello World(完整版)
笔记·python·学习
热门推荐
01GitHub 镜像站点02Codex 接入 DeepSeek API 完整配置文档03【踩坑记录 | 第一篇】微软商店无法使用时,如何手动安装 OpenAI Codex?附`.msix`文件系统错误解决方法04裂开!ChatGPT 居然开始要手机号验证,附详细解决方法05CC-Switch & Claude 基于 Linux 服务器安装使用指南06【AI】2026 年具身智能模型和世界模型总结07Codegraph 实战:用知识图谱让 AI 编程效率翻倍08LLM Wiki:让大模型替你打理知识库的完整指南09Codex使用DeepSeek API的方法(cc switch + codex bridge方案)10几个好用的ip纯净度检测网站