K8s学习笔记(五) Velero结合minnio业务数据备份与恢复

能不能别报错2025-09-25 14:00

K8s学习笔记(五) Velero结合minnio数据备份与恢复

Velero(曾用名 Heptio Ark)是一款开源的 Kubernetes 集群数据备份与恢复工具,支持集群资源(Deployment、Service 等)和持久化存储数据(PV/PVC)的备份;MinIO 是兼容 S3 协议的对象存储服务,可作为 Velero 的备份存储后端,实现备份数据的集中存储与管理。本文将从原理、环境准备、部署配置、备份恢复操作及最佳实践等维度,全面讲解两者结合的方案。

1 部署minio

1.1 安装docker

1.2 拉取minio镜像

bash 复制代码 
docker pull  minio/minio:RELEASE.2022-04-12T06-55-35Z

1.3 创建数据目录

bash 复制代码 
root@master1:~# mkdir /date/minio

1.4 创建minio容器

bash 复制代码 
root@master1:~# docker run --name minio \
> -p 9000:9000 \
> -p 9999:9999 \
> -d --restart=always \
> -e "MINIO_ROOT_USER=admin" \
> -e "MINIO_ROOT_PASSWORD=12345678" \
> -v /data/minio/data:/data \
> minio/minio:RELEASE.2022-04-12T06-55-35Z server /data \
> --console-address '0.0.0.0:9999'
99b95868de5c3fd962fdec5fa63df5b7cdb834788e46824de7d4fb183a74dbb6
root@master1:~# docker ps
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS                                            NAMES
99b95868de5c        minio/minio:RELEASE.2022-04-12T06-55-35Z   "/usr/bin/docker-ent..."   3 minutes ago       Up 3 minutes        0.0.0.0:9000->9000/tcp, 0.0.0.0:9999->9999/tcp   minio

1.4 访问web页面创建velerodata

2 部署velero

2.1 下载安装包并解压

bash 复制代码 
root@master1:/opt/velero# wget https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
--2025-09-24 13:26:12--  https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
Connecting to 192.168.121.1:7890... connected.
Proxy request sent, awaiting response... 302 Found
Location: https://release-assets.githubusercontent.com/github-production-release-asset/99143276/2a4ee768-146c-4b85-99ab-ff0b428e2b21?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-09-24T06%3A11%3A19Z&rscd=attachment%3B+filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-09-24T05%3A10%3A39Z&ske=2025-09-24T06%3A11%3A19Z&sks=b&skv=2018-11-09&sig=7c1wPTpdDW9LlyMvbUHlRaeDyEHQgZG9LcHfzDf2fg0%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1ODY5MTg3MiwibmJmIjoxNzU4NjkxNTcyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.mAx5WKv284OZkedCa5DnRSfRULF6p2LCVu1bZQ4gEkM&response-content-disposition=attachment%3B%20filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2025-09-24 13:26:13--  https://release-assets.githubusercontent.com/github-production-release-asset/99143276/2a4ee768-146c-4b85-99ab-ff0b428e2b21?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-09-24T06%3A11%3A19Z&rscd=attachment%3B+filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-09-24T05%3A10%3A39Z&ske=2025-09-24T06%3A11%3A19Z&sks=b&skv=2018-11-09&sig=7c1wPTpdDW9LlyMvbUHlRaeDyEHQgZG9LcHfzDf2fg0%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1ODY5MTg3MiwibmJmIjoxNzU4NjkxNTcyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.mAx5WKv284OZkedCa5DnRSfRULF6p2LCVu1bZQ4gEkM&response-content-disposition=attachment%3B%20filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Connecting to 192.168.121.1:7890... connected.
Proxy request sent, awaiting response... 200 OK
Length: 29570064 (28M) [application/octet-stream]
Saving to: 'velero-v1.8.1-linux-amd64.tar.gz'

velero-v1.8.1-linux-amd64.tar.gz                                      100%[=======================================================================================================================================================================>]  28.20M  4.86MB/s    in 6.9s    

2025-09-24 13:26:20 (4.09 MB/s) - 'velero-v1.8.1-linux-amd64.tar.gz' saved [29570064/29570064]

root@master1:/opt/velero# tar xvf velero-v1.8.1-linux-amd64.tar.gz 
velero-v1.8.1-linux-amd64/LICENSE
velero-v1.8.1-linux-amd64/examples/README.md
velero-v1.8.1-linux-amd64/examples/minio
velero-v1.8.1-linux-amd64/examples/minio/00-minio-deployment.yaml
velero-v1.8.1-linux-amd64/examples/nginx-app
velero-v1.8.1-linux-amd64/examples/nginx-app/README.md
velero-v1.8.1-linux-amd64/examples/nginx-app/base.yaml
velero-v1.8.1-linux-amd64/examples/nginx-app/with-pv.yaml
velero-v1.8.1-linux-amd64/velero

# 将解压内容复制到bin目录
root@master1:/opt/velero# cp velero-v1.8.1-linux-amd64/velero  /usr/local/bin/

2.2 配置velero认证环境

bash 复制代码 
# 创建工作目录
root@master1:/opt/velero/velero-v1.8.1-linux-amd64# mkdir /data/velero -p
# 创建认证文件
root@master1:/data/velero# vim velero-auth.txt
# 准备user-csr文件
root@master1:/data/velero# vim awsuser-csr.json
{
  "CN": "awsuser",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
# 准备证书签发环境
root@master1:/data/velero# apt install golang-cfssl
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
root@master1:/data/velero# mv cfssl-certinfo_1.6.1_linux_amd64 cfssl-certinfo
root@master1:/data/velero# mv cfssl_1.6.1_linux_amd64 cfssl
root@master1:/data/velero# mv cfssljson_1.6.1_linux_amd64 cfssljson
root@master1:/data/velero# ls
awsuser-csr.json  cfssl  cfssl-certinfo  cfssljson  velero-auth.txt
root@master1:/data/velero# cp cfssl-certinfo cfssl cfssljson /usr/local/bin/
root@master1:/data/velero# chmod +x /usr/local/bin/cfssl*

# master1节点执行证书签发
root@master1:/data/velero# /usr/local/bin/cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem -ca-key=/etc/kubernetes/ssl/ca-key.pem -config=/etc/kubeasz/clusters/k8s-01/ssl/ca-config.json -profile=kubernetes ./awsuser-csr.json | cfssljson -bare awsuser
2025/09/24 13:42:28 [INFO] generate received request
2025/09/24 13:42:28 [INFO] received CSR
2025/09/24 13:42:28 [INFO] generating key: rsa-2048
2025/09/24 13:42:28 [INFO] encoded CSR
2025/09/24 13:42:28 [INFO] signed certificate with serial number 516389167219572575663844410033161087693372577485
2025/09/24 13:42:28 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

root@master1:/data/velero# ll
total 40252
drwxr-xr-x 2 root root      166 Sep 24 13:42 ./
drwxr-xr-x 3 root root       20 Sep 24 13:37 ../
-rw-r--r-- 1 root root      221 Sep 24 13:40 awsuser-csr.json
-rw------- 1 root root     1675 Sep 24 13:42 awsuser-key.pem        # 私钥
-rw-r--r-- 1 root root      997 Sep 24 13:42 awsuser.csr      
-rw-r--r-- 1 root root     1387 Sep 24 13:42 awsuser.pem            # 公钥
-rw-r--r-- 1 root root 16659824 Sep 24 13:40 cfssl
-rw-r--r-- 1 root root 13502544 Sep 24 13:40 cfssl-certinfo
-rw-r--r-- 1 root root 11029744 Sep 24 13:40 cfssljson
-rw-r--r-- 1 root root       70 Sep 24 13:40 velero-auth.txt
# 分发证书到api-server证书路径
root@master1:/data/velero# cp awsuser-key.pem /etc/kubernetes/ssl/
root@master1:/data/velero# cp awsuser.pem /etc/kubernetes/ssl/

# 生成集群认证config文件
root@master1:/data/velero# kubectl config set-cluster kubernetes \
> --certificate-authority=/etc/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=./awsuser.kubeconfig
Cluster "kubernetes" set.

# 设置客户端证书认证:
root@master1:/data/velero# kubectl config set-credentials awsuser \
> --client-certificate=/etc/kubernetes/ssl/awsuser.pem \
> --client-key=/etc/kubernetes/ssl/awsuser-key.pem \
> --embed-certs=true \
> --kubeconfig=./awsuser.kubeconfig
User "awsuser" set.
root@master1:/data/velero# vim awsuser.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVZDVqR0VuQ1huSHkvNmozRUZ6ZDA2V0hBQ1RVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qVXdPVEl4TURneU1EQXdXaGdQTWpFeU5UQTRNamd3T0RJd01EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTAwS1NjQlJEV3dxN1h0NWkwTnlydk1WZFBKY2gKdVVoMzFLa2hMR3VOd1FVbUZJT1hHbGVYS1c5SjlPR2VMS1l6ZVhWUVNLWkNsb2x5cXQvUFAvVHVtb1J3OHpnZApMQVFSWHozLyt0NWY2MlRnZmVsZHR6OUtuU3FJNzlsNWlvYU12b3FBNURaNkNBd0Z6czhLMWg2Yko4UkFPZWRvCmQyQTJPcXNGcThwem5FRTJCL01sRkxZZk1ROGdJN0ZjbWdvUExNVldoUThqRW5IRTRzemsxWmc3MS9TT25FVHkKa1pmZEtWV2tac0J1TnJ1U1NDZHhzcVpEYW81eVVaVFJIVTdBYXAxRjhwUk9wVWFnSUhja1NFck5xa3pGRDNWMwpyQkhZZWcrSHBvb2xRVis4ZEhZWGZFUjFWMXUxdEI4a2xhR25NSGMvOEZuOTlxSHcyMDI4KzlvRjN3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKbGc4M1NmZjdNVGdHQjc4Nk5JYjFrd1FKWjVZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFbjFPUEVDRlkwSwpKYXpJemtMSDd1ZnZPdG1wWnM1Mk1wVEhNTGRpRDhZQ1J1ZXhTUFJRRVBqRVB2OTlSc2lnanVIL1V1dlFlcDNFCjhWVkcvTEx6a2hyRndJTWtjYkVTWHRFTmxJY0ZlelhlZ2ZNbnhjSXdwMjNVSHdYRUxTeS9ieGVVUTF5TWdZaEoKQ3BTQ1lUb1RKRCtTYVhMNjV5TGkzK1dNUXlDQjlIejl3Ui8xMFdKUFJjd1IvYUlBbUN4cTZROUQzNjVkU0lCNgpOMkI0a2VBRURoTUdGTmQ1RFpYd3J1ZmVBR1kra241Z3VzaXVkWnJyMERpbFFubUVRSFhWKzRDVG1tRnBzVU1GCkpNRnhkRGhRR2kwSWJOVFUxRk9MSFYzQUUwcHZpM2crSXNZNTNDVGMzQkg5RllFTDJVYVJ3d0VwNy9reEtvMWoKSjA0dkhJTWxzelk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://192.168.121.101:6443
  name: kubernetes
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: awsuser
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwakNDQXJxZ0F3SUJBZ0lVV25PdzdEc29QcDVNUW1jb25WUWxUOWxNMXMwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qVXdPVEkwTURVek56QXdXaGdQTWpBM05UQTVNVEl3TlRNM01EQmFNR0l4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURVFNQTRHQTFVRUF4TUhZWGR6ZFhObGNqQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOV1NOaHphWVB2aEQwbjZpSEVVM05ZMnZMd3kKUFZEdndXYmg5c2lOZ0loOStHRzR4L09DTTVCdlJQc0dQNTd4c2FldWVGUTFvS1YzbGtzeVZNZWVEcTZTNFlucQpjeUxUZng1NUZ1ZkgwRnI0NVpNRDRUdWhSeTdtQWtBaXNPbStxa1IxL2RkN1JRa0xtaUJONWpTdzExRnlwRjFMCktZejcrcndrWmMxMHg3UGdpOG82K3ppb3NmWVlTdUdCSCtadU9CZExOdW11OEI3Z3ljeE5iVTYrSkgxRnpqTXoKWXFyTzlGVFpMY28rMk5YNGNrajRmM09qQWRFZWMyMnlkWU9QMzdBM2dBelBnMm9Lbi8ySEJvVGU1MUdIUHNINQpCNjZLWkpyVmRvcytmem45MWNFajliUXV2TW5mdXA0S0N6MFdyMVFYSy9FV0NIcm82UFhGN0J6WjI3a0NBd0VBCkFhTi9NSDB3RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWREZ1FXQkJURDFyaEdvM1Q4UHE1NTdscElmNlE3WjN5TwpNakFmQmdOVkhTTUVHREFXZ0JTV0R6ZEo5L3N4T0FZSHZ6bzBodldUQkFsbmxqQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBR20xTENoT0t1M1YwUFB2bUtSb3pCV2tzL1VHM25FODM5K1k0Q3lJY3BBQ0NvVnA1aklGQjdUQWYKdTludEJUU3FTOWVDSVlsLzNaRzk0Y3h6ZmlVRDNwV2lvZDBWYkF6MlVuWnNoUTU4WTFrMlRwOFA5NCtPRXpjUApmQXdrWW03WlFlSHZTV2NwdTZwSHp0aFZIdlZQM2NPRWZEbG5keWtNbWFkd3ZXZTNZc0NaUGswTnBBTlI1eG5qCk8xRW1wUlVBSkxGRjEvb25KelZmZkdZd053UlFRSXdPYzcrekZoenFyQ0lES1dzZkp5a3VLdHhOZWt0cFBkMHkKblltaXVUR1NPTVdhVGxFMkxQeG85WGpXbXQxakFPbytBQ2RrUDZGQ3FGTnlMbDhBTjRJTE9KbEJya0xVZm5CTgpDTjNWTUtIam9CVjEyNUJDL3JIVEdjaFU4MGdBVFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMVpJMkhOcGcrK0VQU2ZxSWNSVGMxamE4dkRJOVVPL0JadUgyeUkyQWlIMzRZYmpICjg0SXprRzlFK3dZL252R3hwNjU0VkRXZ3BYZVdTekpVeDU0T3JwTGhpZXB6SXROL0hua1c1OGZRV3ZqbGt3UGgKTzZGSEx1WUNRQ0t3NmI2cVJIWDkxM3RGQ1F1YUlFM21OTERYVVhLa1hVc3BqUHY2dkNSbHpYVEhzK0NMeWpyNwpPS2l4OWhoSzRZRWY1bTQ0RjBzMjZhN3dIdURKekUxdFRyNGtmVVhPTXpOaXFzNzBWTmt0eWo3WTFmaHlTUGgvCmM2TUIwUjV6YmJKMWc0L2ZzRGVBRE0rRGFncWYvWWNHaE43blVZYyt3ZmtIcm9wa210VjJpejUvT2YzVndTUDEKdEM2OHlkKzZuZ29MUFJhdlZCY3I4UllJZXVqbzljWHNITm5idVFJREFRQUJBb0lCQUY4dm1EQ0ozL25DMkFhWAp3NkhxczNaQjFTSm5uYzVwM1IvV2pCL2NlVEhjT3d5S3g0c3ZOMzRqS1hKYjJaVWtrWkp6Znl2QTd3VndaQ3JGCmx1V1UrMlF4RUpaZ1NNcDN5c3N4R3RWWXgvTVR4WFlkbjQvdEZJWEJlN1ZNQU45YzNCUkJKazZZb1M4ajNhQ1MKTjR5NldHenpsSEFFSk5PeUpwRWVBOFZyUytwTjA4SVozVnQzT3JMdzllRStjK2VqWGdXRjRVSktMNkI3eUY3eApYOE9ESmh6MXRqQWhaYWZyWUk0ZzYxWm1rNnNicjBpRWdCaDBDK3NvRjA4MWhlTXVPWThpeStnVW5xdmR2VlpuCjB0NGlITi9ySS9oSFJvWUZLbmdiUldJN3lmUEp0bllPdG5LSnJQeDdaS3hjbFRYZ3RZTTRwU1l3dkNyek04dDcKSTFLamlkRUNnWUVBL1pvZ3dpYnNOUnA1MmtPdk5SWWxWVVhyZ1hmdzNxWk51Q0ZJNTVQQ0Yra09YTmROMmxreApWWWxBMXp6WStOYXVEVEZ5bWVjcDA5RlFzb0JvenBhOVhZV0JCRUVzYnRmZWJtL2ZrMWdDSmtsQmlYdWYyalVYClVxREUvVUZzR2NEdDRhNkpLaU4zSVMrMEJIYVpQWWdtd3ZrQms5bG94UUJ3Tk5TUy96K0NhbjBDZ1lFQTE1Y3YKSVgxMm9rTlFVdjJ1ckpnY2RCQVZpOC9UR29UT1dCVjBmWTNmOW1MeHpLYUwvUDh0WVFLczRMaDhEcUJ3WGlHVAo1WmZMdGdNMFNOV0wzYzArTy9nc2pyZ0xQMmcvc1UrZ2V0T3p1QXhxOExxZGNna3dVT3VtTHU5elRQOWhTUG5ECnlDNFhFTGhGOFMwRE40cTZlN0NVZExRRWdHS1lEbU56Sk5ZUFB1MENnWUFmNzVIaWdUNUxyYXJjcHB0Z3h3b3EKZytTVmFFSkg5NDlmK2FrUnFKVFBxQVNzQWwwR2V5YndTNW1Ed1dEZGJVTjcyOWMvdEZHYklBZldncjh3RE9HSgo3bThCMXljK1NpYnpwMWp6V0NqbEkyS0NhclFGcVp2blJ1R250dDVqRzkyWkJ2NjA5TVJpeEh3Wjk4bHlhenZlClg3Y29KRC9DVnp6S0dsN3NqOVhmalFLQmdFazhnM2MxL3JINmVmUG5WNG9zRmlaYlBHYUZUK3BIU1MxbEJIQ08KWEpGL1pUS25OUkRad3BtYzVndGt3RWZidXJCUGFjVnB2bnJ6TmJTMFRsSW5vY2VQYzl0N3E5NTdWSCt3VkF6RgprOXltNDBFcHM4aUVWSlI0cUxoekFWRWJ3L21kVnlQT2ZHbGluK2ZnNmFIWmo2WHJBMU50djhXNU9IeFN6aytxCkkvMjFBb0dBR2NzdkNpM1VvcmZiMmtucFBqTTdxalhpeFVxTzcxeDhzUzVWWXFYQWtqclJ4eUo3Yy9QY1ZZS2kKS1M3d3RPb0ViWXBQRWhXRW5ZUHp4VEpoUkxTZk5HSG1yb21GTEoxM0c2OTFuWXE4QjlGcUp0akE3Qkh0NGVFdQpBWENzK3RTS2NteGNaZFltcW8xWVlnK3piTmxNSk0weFl0d1k3QW94OXR5WURXVHBkVk09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

# 设置上下文参数
root@master1:/data/velero# kubectl config set-context kubernetes \
> --cluster=kubernetes \
> --user=awsuser \
> --namespace=velero-system \
> --kubeconfig=./awsuser.kubeconfig
Context "kubernetes" created.
# 设置默认上下文
root@master1:/data/velero# kubectl config use-context kubernetes --kubeconfig=awsuser.kubeconfig
Switched to context "kubernetes".

2.3 启动velero

bash 复制代码 
# k8s集群中创建awsuser账户
oot@master1:/data/velero# kubectl create clusterrolebinding awsuser --clusterrole=cluster-admin --user=awsuser
clusterrolebinding.rbac.authorization.k8s.io/awsuser created
#  创建namespace
root@master1:/data/velero#  kubectl create ns velero-system
namespace/velero-system created

# 执行安装
root@master1:/data/velero# velero --kubeconfig  ./awsuser.kubeconfig \
> install \
>     --provider aws \
>     --plugins velero/velero-plugin-for-aws:v1.3.1 \
>     --bucket velerodata  \
>     --secret-file ./velero-auth.txt \
>     --use-volume-snapshots=false \
> --namespace velero-system \
>     --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.121.106:9000
CustomResourceDefinition/backups.velero.io: attempting to create resource
CustomResourceDefinition/backups.velero.io: attempting to create resource client
CustomResourceDefinition/backups.velero.io: created
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource client
CustomResourceDefinition/backupstoragelocations.velero.io: created
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource client
CustomResourceDefinition/deletebackuprequests.velero.io: created
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource client
CustomResourceDefinition/downloadrequests.velero.io: created
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumebackups.velero.io: created
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumerestores.velero.io: created
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource client
CustomResourceDefinition/resticrepositories.velero.io: created
CustomResourceDefinition/restores.velero.io: attempting to create resource
CustomResourceDefinition/restores.velero.io: attempting to create resource client
CustomResourceDefinition/restores.velero.io: created
CustomResourceDefinition/schedules.velero.io: attempting to create resource
CustomResourceDefinition/schedules.velero.io: attempting to create resource client
CustomResourceDefinition/schedules.velero.io: created
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource client
CustomResourceDefinition/serverstatusrequests.velero.io: created
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource client
CustomResourceDefinition/volumesnapshotlocations.velero.io: created
Waiting for resources to be ready in cluster...
Namespace/velero-system: attempting to create resource
Namespace/velero-system: attempting to create resource client
Namespace/velero-system: already exists, proceeding
Namespace/velero-system: created
ClusterRoleBinding/velero-velero-system: attempting to create resource
ClusterRoleBinding/velero-velero-system: attempting to create resource client
ClusterRoleBinding/velero-velero-system: created
ServiceAccount/velero: attempting to create resource
ServiceAccount/velero: attempting to create resource client
ServiceAccount/velero: created
Secret/cloud-credentials: attempting to create resource
Secret/cloud-credentials: attempting to create resource client
Secret/cloud-credentials: created
BackupStorageLocation/default: attempting to create resource
BackupStorageLocation/default: attempting to create resource client
BackupStorageLocation/default: created
Deployment/velero: attempting to create resource
Deployment/velero: attempting to create resource client
Deployment/velero: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero-system' to view the status.

# 查看pod状态
root@master1:/data/velero# kubectl get pods -n velero-system
NAME                      READY   STATUS    RESTARTS   AGE
velero-6755cb8697-b87p9   1/1     Running   0          2m7s
# 验证安装
root@master1:/data/velero# kubectl  describe pod velero-6755cb8697-b87p9 -n velero-system  
Name:         velero-6755cb8697-b87p9
Namespace:    velero-system
Priority:     0
Node:         192.168.121.111/192.168.121.111
Start Time:   Wed, 24 Sep 2025 14:06:05 +0800
Labels:       component=velero
              deploy=velero
              pod-template-hash=6755cb8697
Annotations:  prometheus.io/path: /metrics
              prometheus.io/port: 8085
              prometheus.io/scrape: true
Status:       Running
IP:           10.200.166.162

3 namespace备份与恢复

3.1 备份

bash 复制代码 
# velero backup create 备份名 --include-namespaces(指定备份的namespace) myapp -n 指定velero所在的namespece
root@master1:/data/velero# kubectl get pods -A
NAMESPACE              NAME                                              READY   STATUS    RESTARTS       AGE
default                net-test2                                         1/1     Running   1 (15h ago)    2d18h
default                net-test3                                         1/1     Running   3 (15h ago)    2d18h
default                net-test4                                         1/1     Running   1 (15h ago)    21h
kube-system            calico-kube-controllers-754966f84c-nb8mt          1/1     Running   8 (15h ago)    2d21h
kube-system            calico-node-29mld                                 1/1     Running   4 (15h ago)    2d21h
kube-system            calico-node-4rnzt                                 1/1     Running   6 (15h ago)    2d21h
kube-system            calico-node-p4ddl                                 1/1     Running   4 (15h ago)    2d21h
kube-system            calico-node-rn7fk                                 1/1     Running   10 (15h ago)   2d21h
kube-system            coredns-7db6b45f67-ht47r                          1/1     Running   2 (15h ago)    43h
kube-system            coredns-7db6b45f67-xpzmr                          1/1     Running   3 (15h ago)    42h
kubernetes-dashboard   dashboard-metrics-scraper-69d947947b-94c4p        1/1     Running   4 (15h ago)    40h
kubernetes-dashboard   kubernetes-dashboard-744bdb9f9b-f2zns             1/1     Running   4 (15h ago)    40h
myapp                  linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0              92m
velero-system          velero-6755cb8697-b87p9                           1/1     Running   0              13m

root@master1:/data/velero# velero backup create chenjun666-20250924  --include-namespaces myapp -n velero-system
Backup request "chenjun666-20250924" submitted successfully.
Run `velero backup describe chenjun666-20250924` or `velero backup logs chenjun666-20250924` for more details.

# 定时任务脚本自动备份
root@master1:/data/velero# crontab -e 
* 0 * * * * DATE=`date +%Y%m%d%H%M%S` && velero backup create myapp-ns-backup-${DATE} --include-namespaces myapp --kubeconfig=./awsuser.kubeconfig --namespace velero-system
# 手动备份
root@master1:/data/velero# DATE=`date +%Y%m%d%H%M%S` && velero backup create myapp-ns-backup-${DATE} --include-namespaces myapp --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Backup request "myapp-ns-backup-20250924142245" submitted successfully.
Run `velero backup describe myapp-ns-backup-20250924142245` or `velero backup logs myapp-ns-backup-20250924142245` for more details.

web页面查看是否备份成功

3.2 恢复

bash 复制代码 
root@master1:/data/velero# kubectl get deployments.apps -n myapp 
NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
linux66-tomcat-app1-deployment   1/1     1            1           102m
root@master1:/data/velero# kubectl get svc -n myapp 
NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
linux66-tomcat-app1-service   ClusterIP   10.100.253.206   <none>        80/TCP    102m
root@master1:/data/velero# kubectl get pod -n myapp 
NAME                                              READY   STATUS    RESTARTS   AGE
linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0          102m

# 删除service
root@master1:/data/velero# kubectl delete svc linux66-tomcat-app1-service -n myapp
service "linux66-tomcat-app1-service" deleted
# 删除deployment
root@master1:/data/velero# kubectl delete deployments linux66-tomcat-app1-deployment -n myapp
deployment.apps "linux66-tomcat-app1-deployment" deleted

root@master1:/data/velero# kubectl get pods -n myapp
No resources found in myapp namespace.

# 恢复备份
root@master1:/data/velero# velero restore create --from-backup myapp-ns-backup-20250924142627 --wait --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Restore request "myapp-ns-backup-20250924142627-20250924145217" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.

Restore completed with status: Completed. You may check for more information using the commands `velero restore describe myapp-ns-backup-20250924142627-20250924145217` and `velero restore logs myapp-ns-backup-20250924142627-20250924145217`.

root@master1:/data/velero# kubectl get pods -n myapp
NAME                                              READY   STATUS    RESTARTS   AGE
linux66-tomcat-app1-deployment-667c9cf879-hz98v   1/1     Running   0          27s
相关推荐
行者Sun19892 小时前
【K8s】Kubernetes 虚拟机管理工具之 KubeVirt
云原生·容器·kubernetes
能不能别报错2 小时前
K8s学习笔记(六) K8s升级与节点管理
笔记·学习·kubernetes
今天也好累2 小时前
贪心算法之分数背包问题
c++·笔记·学习·算法·贪心算法
青衫客363 小时前
浅谈 Kubernetes 微服务部署架构
微服务·架构·kubernetes
虚伪的空想家3 小时前
生产环境K8S的etcd备份脚本
运维·容器·kubernetes·脚本·备份·etcd
誰能久伴不乏3 小时前
Linux Shell 脚本:从零到进阶的实战笔记
linux·chrome·笔记
九年义务漏网鲨鱼3 小时前
等效学习率翻倍?梯度累积三连坑:未除以 accum_steps、调度器步进错位、梯度裁剪/正则标度错误(含可复现实验与修复模板)
python·深度学习·学习
孙克旭_3 小时前
kind部署K8S集群并将“修仙业务“部署到kind集群
linux·运维·云原生·kubernetes·kind
ooolmf4 小时前
3.1.1话题,发布小说笔记20250923
笔记
热门推荐
01UV 工具安装与国内镜像源配置指南02GitHub 镜像站点03Spec-Kit 使用指南04UV安装并设置国内源0546个Nano-banana 精选提示词,持续更新中062025年华为杯研赛数学建模竞赛C题完整参考论文 (含模型、MATLAB和Python代码)07保姆级教程:手把手教你用Dify实现完美多轮对话(附Chatflow和提示词)08KGG转MP3工具|非KGM文件|解密音频09Linux下V2Ray安装配置指南10jdk21下载、安装(Windows、Linux、macOS)