$ oc get backupStorageLocationsYou back up applications by creating a Backup custom resource (CR).
The Backup CR creates backup files for Kubernetes resources and internal images, on S3 object storage, and snapshots for persistent volumes (PVs), if the cloud provider uses a native snapshot API or the Container Storage Interface (CSI) to create snapshots, such as OpenShift Data Foundation 4. For more information, see CSI volume snapshots.
|
The For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/. |
If your cloud provider has a native snapshot API or supports Container Storage Interface (CSI) snapshots, the Backup CR backs up persistent volumes by creating snapshots. For more information, see the Overview of CSI volume snapshots in the OpenShift Container Platform documentation.
If your cloud provider does not support snapshots or if your applications are on NFS data volumes, you can create backups by using Restic.
You can create backup hooks to run commands before or after the backup operation.
You can schedule backups by creating a Schedule CR instead of a Backup CR.
You back up Kubernetes images, internal images, and persistent volumes (PVs) by creating a Backup custom resource (CR).
You must install the OpenShift API for Data Protection (OADP) Operator.
The DataProtectionApplication CR must be in a Ready state.
Backup location prerequisites:
You must have S3 object storage configured for Velero.
You must have a backup location configured in the DataProtectionApplication CR.
Snapshot location prerequisites:
Your cloud provider must have a native snapshot API or support Container Storage Interface (CSI) snapshots.
For CSI snapshots, you must create a VolumeSnapshotClass CR to register the CSI driver.
You must have a volume location configured in the DataProtectionApplication CR.
Retrieve the backupStorageLocations CRs:
$ oc get backupStorageLocationsNAME PHASE LAST VALIDATED AGE DEFAULT
velero-sample-1 Available 11s 31mCreate a Backup CR, as in the following example:
apiVersion: velero.io/v1
kind: Backup
metadata:
name: <backup>
labels:
velero.io/storage-location: default
namespace: openshift-adp
spec:
hooks: {}
includedNamespaces:
- <namespace> (1)
storageLocation: <velero-sample-1> (2)
ttl: 720h0m0s| 1 | Specify an array of namespaces to back up. |
| 2 | Specify the name of the backupStorageLocations CR. |
Verify that the status of the Backup CR is Completed:
$ oc get backup -n openshift-adp <backup> -o jsonpath='{.status.phase}'You back up persistent volumes with Container Storage Interface (CSI) snapshots by editing the VolumeSnapshotClass custom resource (CR) of the cloud storage before you create the Backup CR.
The cloud provider must support CSI snapshots.
You must enable CSI in the DataProtectionApplication CR.
Add the metadata.labels.velero.io/csi-volumesnapshot-class: "true" key-value pair to the VolumeSnapshotClass CR:
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: <volume_snapshot_class_name>
labels:
velero.io/csi-volumesnapshot-class: "true"
driver: <csi_driver>
deletionPolicy: RetainYou can now create a Backup CR.
The OADP 1.1 Data Mover enables customers to back up CSI volume snapshots to a remote object store and to restore stateful applications from the store in the event of a failure, accidental deletion or corruption of the cluster. The OADP 1.1 Data Mover solution uses the Restic option of VolSync.
|
Data Mover is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/. |
|
Data Mover supports backup and restore of CSI volume snapshots only. Currently, Data Mover does not support Google Cloud Storage (GCS) buckets. |
The StorageClass and VolumeSnapshotClass CRs support CSI.
Only one volumeSnapshotClass CR has the annotation snapshot.storage.kubernetes.io/is-default-class: true.
Only one storageClass CR has the annotation storageclass.kubernetes.io/is-default-class: true.
Include the label velero.io/csi-volumesnapshot-class: 'true' in your VolumeSnapshotClass CR to indicate for Velero which to use.
Install the VolSync Operator using the Operator Lifecycle Manager (OLM).
|
The VolSync operator is required only for use with the Technology Preview Data Mover. The operator is not required for using OADP GA features. |
Install the OADP operator using OLM.
Configure a Restic secret:
$ cat << EOF > ./restic-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: <secret-name>
namespace: openshift-adp
type: Opaque
stringData:
# The repository encryption key
RESTIC_PASSWORD: <secure-restic-password>
EOF|
By default, the operator looks for a secret named |
Create a DPA similar to the following example. Note that defaultPlugins includes CSI.
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
name: velero-sample
namespace: openshift-adp
spec:
features:
dataMover:
enable: true
credentialName: <secret-name> (1)
backupLocations:
- velero:
config:
profile: default
region: us-east-1
credential:
key: cloud
name: cloud-credentials
default: true
objectStorage:
bucket: <bucket-name>
prefix: <bucket-prefix>
provider: aws
configuration:
restic:
enable: <true or false>
velero:
defaultPlugins:
- openshift
- aws
- csi| 1 | Add the Restic secret name from the previous step. If this is not done, the default secret name dm-credential is used. |
The OADP operator installs two custom resource definitions (CRDs), VolumeSnapshotBackup and VolumeSnapshotRestore.
VolumeSnapshotBackup CRapiVersion: datamover.oadp.openshift.io/v1alpha1
kind: VolumeSnapshotBackup
metadata:
name: <vsb-name>
namespace: <namespace-name> (1)
spec:
volumeSnapshotContent:
name: <snapcontent-name>
protectedNamespace: <adp-namespace>
resticSecretRef:
name: <restic-secret-name>| 1 | Specify the namespace where the volume snapshot resides. |
VolumeSnapshotRestore CRapiVersion: datamover.oadp.openshift.io/v1alpha1
kind: VolumeSnapshotRestore
metadata:
name: <vsr-name>
namespace: <namespace-name> (1)
spec:
protectedNamespace: <protected-ns> (2)
resticSecretRef:
name: <restic-secret-name>
volumeSnapshotMoverBackupRef:
sourcePVCData:
name: <source-pvc-name>
size: <source-pvc-size>
resticrepository: <your-restic-repo>
volumeSnapshotClassName: <vsclass-name>| 1 | Specify the namespace where the volume snapshot resides. |
| 2 | Specify the namespace where the operator is installed. The default is openshift-adp. |
To back up a snapshot, do the following:
Create a backup CR:
apiVersion: velero.io/v1
kind: Backup
metadata:
name: <backup-name>
namespace: <protected-ns> (1)
spec:
includedNamespaces:
- <app-ns>
storageLocation: velero-sample-1| 1 | Specify the namespace where the operator is installed. The default is openshift-adp. |
Wait several minutes and check whether the VolumeSnapshotBackup CR status is Completed:
`oc get vsb -n <app-ns>`
`oc get vsb <vsb-name> -n <app-ns> -ojsonpath="{.status.phase}`A snapshot appears in the object store that was specified in the restic secret.
To restore a snapshot, do the following:
Delete the application namespace and the volumeSnapshotContent that was created by the Velero CSI plug-in.
Create a restore CR, set restorePVs to true.
apiVersion: velero.io/v1
kind: Restore
metadata:
name: <restore-name>
namespace: <protected-ns>
spec:
backupName: <previous-backup-name>
restorePVs: trueWait several minutes and check whether the VolumeSnapshotRestore CR status is `Completed`S:
oc get vsr -n <app-ns>
oc get vsr <vsr-name> -n <app-ns> -ojsonpath="{.status.phase}
Check that your application data has been restored:
oc get route <route-name> -n <app-ns> -ojsonpath="{.spec.host}"
You create backup hooks to run commands in a container in a pod by editing the Backup custom resource (CR).
Pre hooks run before the pod is backed up. Post hooks run after the backup.
Add a hook to the spec.hooks block of the Backup CR, as in the following example:
apiVersion: velero.io/v1
kind: Backup
metadata:
name: <backup>
namespace: openshift-adp
spec:
hooks:
resources:
- name: <hook_name>
includedNamespaces:
- <namespace> (1)
excludedNamespaces:
- <namespace>
includedResources:
- pods (2)
excludedResources: []
labelSelector: (3)
matchLabels:
app: velero
component: server
pre: (4)
- exec:
container: <container> (5)
command:
- /bin/uname (6)
- -a
onError: Fail (7)
timeout: 30s (8)
post: (9)
...| 1 | Array of namespaces to which the hook applies. If this value is not specified, the hook applies to all namespaces. |
| 2 | Currently, pods are the only supported resource. |
| 3 | Optional: This hook only applies to objects matching the label selector. |
| 4 | Array of hooks to run before the backup. |
| 5 | Optional: If the container is not specified, the command runs in the first container in the pod. |
| 6 | Array of commands that the hook runs. |
| 7 | Allowed values for error handling are Fail and Continue. The default is Fail. |
| 8 | Optional: How long to wait for the commands to run. The default is 30s. |
| 9 | This block defines an array of hooks to run after the backup, with the same parameters as the pre-backup hooks. |
You schedule backups by creating a Schedule custom resource (CR) instead of a Backup CR.
You must install the OpenShift API for Data Protection (OADP) Operator.
The DataProtectionApplication CR must be in a Ready state.
Retrieve the backupStorageLocations CRs:
$ oc get backupStorageLocationsNAME PHASE LAST VALIDATED AGE DEFAULT
velero-sample-1 Available 11s 31mCreate a Schedule CR, as in the following example:
$ cat << EOF | oc apply -f -
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: <schedule>
namespace: openshift-adp
spec:
schedule: 0 7 * * * (1)
template:
hooks: {}
includedNamespaces:
- <namespace> (2)
storageLocation: <velero-sample-1> (3)
defaultVolumesToRestic: true (4)
ttl: 720h0m0s
EOF| 1 | cron expression to schedule the backup, for example, 0 7 * * * to perform a backup every day at 7:00. |
| 2 | Array of namespaces to back up. |
| 3 | Name of the backupStorageLocations CR. |
| 4 | Optional: Add the defaultVolumesToRestic: true key-value pair if you are backing up volumes with Restic. |
Verify that the status of the Schedule CR is Completed after the scheduled backup runs:
$ oc get schedule -n openshift-adp <schedule> -o jsonpath='{.status.phase}'