This topic describes how to use Velero to back up and restore a stateful application with ingress and a static IP address.
This topic describes how to use Velero to back up and restore a stateful application with ingress and a static IP address.
The application we are going to use to demonstrate this scenario is the Cafe stateless app. Kubernetes ingress provides a layer 7 load balancer. In this case the IP address must be static.
To demonstrate backing up and restoring a stateful application:
Before starting your Velero demonstration, you need to:
Download the Coffee-Tea app YAML files to a local known directory:
coffee-rc.yml
tea-rc.yml
coffee-svc.yml
tea-svc.yml
cafe-ingress-http.yml
If testing locally, ensure the following entry is present in the /etc/hosts
of the computer accessing the Coffee-Tea app:
/etc/hosts
10.199.41.111 cafe.example.com
To create and apply a network profile for DNS lookup of the Kubernetes API server and the fixed IP address:
Create a network profile using the following template:
{
"name": "dns-lookup-api-ingress",
"description": "Network Profile for DNS Lookup - API and INGRESS",
"parameters": {
"fip_pool_ids": [
"970e09f1-6f28-4457-b069-5c40d145f4e3"
],
"dns_lookup_mode": "API_INGRESS",
"ingress_prefix": "INGRESS-SUBDOMAIN"
}
}
Where INGRESS-SUBDOMAIN
is the ingress subdomain prefix.
Because DNS mode is set to API_INGRESS
, TKGI creates the cluster with ingress_prefix.hostname as the Kubernetes control plane FQDN. TKGI confirms that the ingress subdomain can be resolved as a subdomain prefix on the host before creating new clusters.
Apply the network profile to your Kubernetes cluster using tkgi update-cluster
. For more information, see Assign a Network Profile to an Existing Cluster in Using Network Profiles.
To deploy the example Coffee-Tea App:
To create the Namespace for the application:
kubectl create ns tea-coffee
For example:
kubectl create ns tea-coffee
namespace/tea-coffee created
To deploy the Tea-Coffee app:
kubectl apply -f . -n tea-coffee
For example:
kubectl apply -f . -n tea-coffee
ingress.extensions/cafe-ingress created
replicationcontroller/coffee-rc created
service/coffee-svc created
replicationcontroller/tea-rc created
service/tea-svc created
To verify the example app deployment:
kubectl get all -n tea-coffee
For example:
kubectl get all -n tea-coffee
NAME READY STATUS RESTARTS AGE
pod/coffee-rc-8lrwn 1/1 Running 0 7m19s
pod/coffee-rc-kn65r 1/1 Running 0 7m19s
pod/tea-rc-fhhnz 1/1 Running 0 7m19s
pod/tea-rc-t59cs 1/1 Running 0 7m19s
NAME DESIRED CURRENT READY AGE
replicationcontroller/coffee-rc 2 2 2 7m19s
replicationcontroller/tea-rc 2 2 2 7m19s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/coffee-svc ClusterIP 10.100.200.223 <none> 80/TCP 7m19s
service/tea-svc ClusterIP 10.100.200.229 <none> 80/TCP 7m19s
To review the sample app’s ingress configuration:
kubectl get ingress -n tea-coffee
For example:
kubectl get ingress -n tea-coffee
NAME HOSTS ADDRESS PORTS AGE
cafe-ingress cafe.example.com 10.199.41.111 80 8s
To review the sample app’s ingress configuration:
kubectl describe ingress cafe-ingress -n tea-coffee
For example:
kubectl describe ingress cafe-ingress -n tea-coffee
Name: cafe-ingress
Namespace: tea-coffee
Address: 10.199.41.111
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
cafe.example.com
/tea tea-svc:80 (172.16.19.4:80,172.16.19.5:80)
/coffee coffee-svc:80 (172.16.19.2:80,172.16.19.3:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{},"name":"cafe-ingress","namespace":"tea-coffee"},"spec":{"rules":[{"host":"cafe.example.com","http":{"paths":[{"backend":{"service":{"name":"tea-svc","port":{"number":80}}},"path":"/tea","pathType":"Prefix"},{"backend":{"service":{"name":"coffee-svc","port":{number":80}}},"path":"/coffee","pathType":"Prefix"}]}}]}}
ncp/internal_ip_for_policy: 100.64.208.63
Events: <none>
To access the Coffee-Tea app, connect to the Coffee-Tea app at http://cafe.example.com/coffee
and http://cafe.example.com/tea
.
For example:
To back up the Coffee-Tea App using the sample apps’s tea-coffee-backup
namespace:
Use the Velero backup
command:
velero backup create tea-coffee-backup --include-namespaces tea-coffee
For example:
velero backup create tea-coffee-backup --include-namespaces tea-coffee
Backup request "tea-coffee-backup" submitted successfully.
Run `velero backup describe tea-coffee-backup` or `velero backup logs tea-coffee-backup` for more details.
Verify the backup:
velero backup get
For example:
velero backup get
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
tea-coffee-backup Completed 0 0 2020-07-27 09:16:02 -0700 PDT 29d default <none>
Verify the backup by reviewing backup details:
velero backup describe tea-coffee-backup
To verify the backup further:
Use the Velero Kubernetes CustomResourceDefinition (CRD) command:
kubectl get crd
Review the status of the backup:
kubectl get backups.velero.io -n velero
For example:
kubectl get backups.velero.io -n velero
NAME AGE
tea-coffee-backup 97s
Review the details of the backup:
kubectl describe backups.velero.io tea-coffee-backup -n velero
To restore the Coffee-Tea app from the backup using Velero:
To clear the original Coffee-Tea app from your cluster:
Delete the Coffee-Tea app namespace:
kubectl delete ns tea-coffee
For example:
kubectl delete ns tea-coffee
namespace "tea-coffee" deleted
Verify that the Coffee-Tea app has been removed:
kubectl get ns
To restore the Coffee-Tea app from backup using Velero:
velero restore create --from-backup tea-coffee-backup
For example:
velero restore create --from-backup tea-coffee-backup
Restore request "tea-coffee-backup-20200727092014" submitted successfully.
Run `velero restore describe tea-coffee-backup-20200727092014` or `velero restore logs tea-coffee-backup-20200727092014` for more details.
To verify the Coffee-Tea app has been restored:
Review the Velero restoration history:
velero restore get
For example:
velero restore get
NAME BACKUP STATUS ERRORS WARNINGS CREATED SELECTOR
tea-coffee-backup-20200727092014 tea-coffee-backup Completed 0 0 2020-07-27 09:20:14 -0700 PDT <none>
To review the Velero restoration:
velero restore describe tea-coffee-backup-20200727092014
For example:
velero restore describe tea-coffee-backup-20200727092014
Name: tea-coffee-backup-20200727092014
Namespace: velero
Labels: <none>
Annotations: <none>
Phase: Completed
Backup: tea-coffee-backup
Namespaces:
Included: all namespaces found in the backup
Excluded: <none>
Resources:
Included: *
Excluded: nodes, events, events.events.k8s.io, backups.velero.io, restores.velero.io, resticrepositories.velero.io
Cluster-scoped: auto
Namespace mappings: <none>
Label selector: <none>
Restore PVs: auto
Confirm that the Coffee-Tea app’s tea-coffee
namespace has been restored:
kubectl get ns
For example:
kubectl get ns
NAME STATUS AGE
default Active 138m
kube-node-lease Active 138m
kube-public Active 138m
kube-system Active 138m
pks-system Active 121m
tea-coffee Active 56s
velero Active 9m24s
Verify that all app objects have been restored:
kubectl get all -n tea-coffee
For example:
kubectl get all -n tea-coffee
NAME READY STATUS RESTARTS AGE
pod/coffee-rc-8lrwn 1/1 Running 0 89s
pod/coffee-rc-kn65r 1/1 Running 0 89s
pod/tea-rc-fhhnz 1/1 Running 0 89s
pod/tea-rc-t59cs 1/1 Running 0 89s
NAME DESIRED CURRENT READY AGE
replicationcontroller/coffee-rc 2 2 2 89s
replicationcontroller/tea-rc 2 2 2 89s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/coffee-svc ClusterIP 10.100.200.197 <none> 80/TCP 89s
service/tea-svc ClusterIP 10.100.200.17 <none> 80/TCP 89s
Review the Coffee-Tea app ingress:
kubectl get ingress -n tea-coffee
For example:
kubectl get ingress -n tea-coffee
NAME HOSTS ADDRESS PORTS AGE
cafe-ingress cafe.example.com 10.199.41.111 80 112s
Review Coffee-Tea app ingress details:
kubectl describe ingress cafe-ingress -n tea-coffee
For example:
kubectl describe ingress cafe-ingress -n tea-coffee
Name: cafe-ingress
Namespace: tea-coffee
Address: 10.199.41.111
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
cafe.example.com
/tea tea-svc:80 (172.16.19.2:80,172.16.19.3:80)
/coffee coffee-svc:80 (172.16.19.4:80,172.16.19.5:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{},"name":"cafe-ingress","namespace":"tea-coffee"},"spec":{"rules":[{"host":"cafe.example.com","http":{"paths":[{"backend":{"service":{"name":"tea-svc","port":{"number":80}}},"path":"/tea","pathType":"Prefix"},{"backend":{"service":{"name":"coffee-svc","port":{number":80}}},"path":"/coffee","pathType":"Prefix"}]}}]}}
ncp/internal_ip_for_policy: 100.64.208.63
Events: <none>
To access the restored Coffee-Tea app, connect to the Coffee-Tea app at http://cafe.example.com/coffee
and http://cafe.example.com/tea
.
For example:
Key takeaways from the Velero back up and restore operation for this type of application:
tea-coffee
is automatically recreated by Velero.