This topic describes how to use Velero to backup and restore a stateful application with ingress and a static IP address.

Overview

This topic describes how to use Velero to backup and restore a stateful application with ingress and a static IP address.

The application we are going to use to demonstrate this scenario is the Cafe stateless app. Kubernetes ingress provides a layer 7 load balancer. In this case the IP address must be static.

To demonstrate backing up and restoring a stateful application:

  1. Create a Network Profile
  2. Deploy the Coffee-Tea App
  3. Back Up the Coffee-Tea App Using Namespace
  4. Restore the Coffee-Tea App
  5. Review Conclusions

Prerequisites

Before starting your Velero demonstraion, you need to:

  • Have a TKGI Kubernetes cluster with static IP set from a floating IP pool.
  • Minio, Velero, and Restic have been installed. For more information, see Installing Velero and Restic.
  • Download the Coffee-Tea app YAML files to a local known directory:

    • coffee-rc.yml
    • tea-rc.yml
    • coffee-svc.yml
    • tea-svc.yml
    • cafe-ingress-http.yml
  • If testing locally, ensure the following entry is present in the /etc/hosts of the computer accessing the Coffee-Tea app:

    /etc/hosts
    10.199.41.111 cafe.example.com
    

Create a Network Profile

To create and apply a network profile for DNS lookup of the Kubernetes API server and the fixed IP address:

  1. Create a network profile using the following template:

    {  
        "name": "dns-lookup-api-ingress",  
        "description": "Network Profile for DNS Lookup - API and INGRESS",  
        "parameters": {  
            "fip_pool_ids": [  
                "970e09f1-6f28-4457-b069-5c40d145f4e3"  
            ],  
        "dns_lookup_mode": "API_INGRESS",  
        "ingress_prefix": "INGRESS-SUBDOMAIN"  
        }  
    }  
    

    Where INGRESS-SUBDOMAIN is the ingress subdomain prefix.

    Because DNS mode is set to API_INGRESS, TKGI creates the cluster with ingress_prefix.hostname as the Kubernetes control plane FQDN. TKGI confirms that the ingress subdomain can be resolved as a subdomain prefix on the host before creating new clusters.

  2. Apply the network profile to your Kubernetes cluster using tkgi update-cluster. For more information, see Assign a Network Profile to an Existing Cluster in Using Network Profiles.

Deploy the Coffee-Tea App

To deploy the example Coffee-Tea App:

  1. To create the Namespace for the application:

    kubectl create ns tea-coffee
    

    For example:

     kubectl create ns tea-coffee

    namespace/tea-coffee created

  2. To deploy the Tea-Coffee app:

    kubectl apply -f . -n tea-coffee
    

    For example:

     kubectl apply -f . -n tea-coffee

    ingress.extensions/cafe-ingress created
    replicationcontroller/coffee-rc created
    service/coffee-svc created
    replicationcontroller/tea-rc created
    service/tea-svc created

  3. To verify the example app deployment:

    kubectl get all -n tea-coffee
    

    For example:

     kubectl get all -n tea-coffee

    NAME READY STATUS RESTARTS AGE
    pod/coffee-rc-8lrwn 1/1 Running 0 7m19s
    pod/coffee-rc-kn65r 1/1 Running 0 7m19s
    pod/tea-rc-fhhnz 1/1 Running 0 7m19s
    pod/tea-rc-t59cs 1/1 Running 0 7m19s

    NAME DESIRED CURRENT READY AGE
    replicationcontroller/coffee-rc 2 2 2 7m19s
    replicationcontroller/tea-rc 2 2 2 7m19s

    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    service/coffee-svc ClusterIP 10.100.200.223 80/TCP 7m19s
    service/tea-svc ClusterIP 10.100.200.229 80/TCP 7m19s

  4. To review the sample app’s ingress configuration:

    kubectl get ingress -n tea-coffee
    

    For example:

     kubectl get ingress -n tea-coffee

    NAME HOSTS ADDRESS PORTS AGE
    cafe-ingress cafe.example.com 10.199.41.111 80 8s

  5. To review the sample app’s ingress configuration:

    kubectl describe ingress cafe-ingress -n tea-coffee
    

    For example:

     kubectl describe ingress cafe-ingress -n tea-coffee

    Name: cafe-ingress
    Namespace: tea-coffee
    Address: 10.199.41.111
    Default backend: default-http-backend:80 ( )
    Rules:
    Host Path Backends


    cafe.example.com
    /tea tea-svc:80 (172.16.19.4:80,172.16.19.5:80)
    /coffee coffee-svc:80 (172.16.19.2:80,172.16.19.3:80)
    Annotations: kubectl.kubernetes.io/last-applied-configuration: {“apiVersion”:“networking.k8s.io/v1”,“kind”:“Ingress”,“metadata”:{“annotations”:{},“name”:“cafe-ingress”,“namespace”:“tea-coffee”},“spec”:{“rules”:[{“host”:“cafe.example.com”,“http”:{“paths”:[{“backend”:{“service”:{“name”:“tea-svc”,“port”:{“number”:80}}},“path”:“/tea”,“pathType”:“Prefix”},{“backend”:{“service”:{“name”:“coffee-svc”,“port”:{number":80}}},“path”:“/coffee”,“pathType”:“Prefix”}]}}]}}

    ncp/internal_ip_for_policy: 100.64.208.63
    Events:

  6. To access the Coffee-Tea app, connect to the Coffee-Tea app at http://cafe.example.com/coffee and http://cafe.example.com/tea.

    For example:

    Coffee-Tea App

    Coffee-Tea App

Back Up the Coffee-Tea App Using Namespace

To back up the Coffee-Tea App using the sample apps’s tea-coffee-backup namespace:

  1. Use the Velero backup command:

    velero backup create tea-coffee-backup --include-namespaces tea-coffee
    
    

    For example:

     velero backup create tea-coffee-backup –include-namespaces tea-coffee

    Backup request “tea-coffee-backup” submitted successfully.
    Run velero backup describe tea-coffee-backup or velero backup logs tea-coffee-backup for more details.

  2. Verify the backup:

    velero backup get
    

    For example:

     velero backup get

    NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
    tea-coffee-backup Completed 0 0 2020-07-27 09:16:02 -0700 PDT 29d default

  3. Verify the backup by reviewing backup details:

    velero backup describe tea-coffee-backup
    
  4. To verify the backup further:

    1. Use the Velero CRD command:

      kubectl get crd
      
    2. Review the status of the backup:

      kubectl get backups.velero.io -n velero
      

      For example:

       kubectl get backups.velero.io -n velero

      NAME AGE
      tea-coffee-backup 97s

    3. Review the details of the backup:

      kubectl describe backups.velero.io tea-coffee-backup -n velero
      

Restore the Coffee-Tea App

To restore the Coffee-Tea app from the backup using Velero:

  1. To clear the original Coffee-Tea app from your cluster:

    1. Delete the Coffee-Tea app namespace:

      kubectl delete ns tea-coffee
      

      For example:

       kubectl delete ns tea-coffee

      namespace “tea-coffee” deleted

    2. Verify that the Coffee-Tea app has been removed:

      kubectl get ns
      
  2. To restore the Coffee-Tea app from backup using Velero:

    velero restore create --from-backup tea-coffee-backup
    

    For example:

     velero restore create –from-backup tea-coffee-backup

    Restore request “tea-coffee-backup-20200727092014” submitted successfully.
    Run velero restore describe tea-coffee-backup-20200727092014 or velero restore logs tea-coffee-backup-20200727092014 for more details.

  3. To verify the Coffee-Tea app has been restored:

    1. Review the Velero restoral history:

      velero restore get
      

      For example:

       velero restore get

      NAME BACKUP STATUS ERRORS WARNINGS CREATED SELECTOR
      tea-coffee-backup-20200727092014 tea-coffee-backup Completed 0 0 2020-07-27 09:20:14 -0700 PDT

    2. To review the Velero restoration:

      velero restore describe tea-coffee-backup-20200727092014
      

      For example:

       velero restore describe tea-coffee-backup-20200727092014

      Name: tea-coffee-backup-20200727092014
      Namespace: velero
      Labels:
      Annotations:

      Phase: Completed

      Backup: tea-coffee-backup

      Namespaces:
      Included: all namespaces found in the backup
      Excluded:

      Resources:
      Included: *
      Excluded: nodes, events, events.events.k8s.io, backups.velero.io, restores.velero.io, resticrepositories.velero.io
      Cluster-scoped: auto

      Namespace mappings:

      Label selector:

      Restore PVs: auto

    3. Confirm that the Coffee-Tea app’s tea-coffee namespace has been restored:

      kubectl get ns
      

      For example:

       kubectl get ns
      NAME STATUS AGE
      default Active 138m
      kube-node-lease Active 138m
      kube-public Active 138m
      kube-system Active 138m
      pks-system Active 121m
      tea-coffee Active 56s
      velero Active 9m24s

    4. Verify that all app objects have been restored:

      kubectl get all -n tea-coffee
      

      For example:

       kubectl get all -n tea-coffee

      NAME READY STATUS RESTARTS AGE
      pod/coffee-rc-8lrwn 1/1 Running 0 89s
      pod/coffee-rc-kn65r 1/1 Running 0 89s
      pod/tea-rc-fhhnz 1/1 Running 0 89s
      pod/tea-rc-t59cs 1/1 Running 0 89s

      NAME DESIRED CURRENT READY AGE
      replicationcontroller/coffee-rc 2 2 2 89s
      replicationcontroller/tea-rc 2 2 2 89s

      NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
      service/coffee-svc ClusterIP 10.100.200.197 80/TCP 89s
      service/tea-svc ClusterIP 10.100.200.17 80/TCP 89s

    5. Review the Coffee-Tea app ingress:

      kubectl get ingress -n tea-coffee
      

      For example:

       kubectl get ingress -n tea-coffee

      NAME HOSTS ADDRESS PORTS AGE
      cafe-ingress cafe.example.com 10.199.41.111 80 112s

    6. Review Coffee-Tea app ingress details:

      kubectl describe ingress cafe-ingress -n tea-coffee
      

      For example:

       kubectl describe ingress cafe-ingress -n tea-coffee

      Name: cafe-ingress
      Namespace: tea-coffee
      Address: 10.199.41.111
      Default backend: default-http-backend:80 ( )
      Rules:
      Host Path Backends


      cafe.example.com
      /tea tea-svc:80 (172.16.19.2:80,172.16.19.3:80)
      /coffee coffee-svc:80 (172.16.19.4:80,172.16.19.5:80)
      Annotations:
      kubectl.kubernetes.io/last-applied-configuration: {“apiVersion”:“networking.k8s.io/v1”,“kind”:“Ingress”,“metadata”:{“annotations”:{},“name”:“cafe-ingress”,“namespace”:“tea-coffee”},“spec”:{“rules”:[{“host”:“cafe.example.com”,“http”:{“paths”:[{“backend”:{“service”:{“name”:“tea-svc”,“port”:{“number”:80}}},“path”:“/tea”,“pathType”:“Prefix”},{“backend”:{“service”:{“name”:“coffee-svc”,“port”:{number":80}}},“path”:“/coffee”,“pathType”:“Prefix”}]}}]}}

      ncp/internal_ip_for_policy: 100.64.208.63
      Events:

  4. To access the restored Coffee-Tea app, connect to the Coffee-Tea app at http://cafe.example.com/coffee and http://cafe.example.com/tea.

    For example:

    Coffee-Tea App

    Coffee-Tea App

Conclusions

Key takeaways from the Velero backup and restore operation for this type of application:

  • The namespace ‘tea-coffee’ is automatically recreated by Velero
  • The Kubernetes ingress IP is preserved (10.199.41.111)
check-circle-line exclamation-circle-line close-line
Scroll to top icon