title: 示例 description: description keywords:

  • rancher
  • rancher中文
  • rancher中文文档
  • rancher官网
  • rancher文档
  • Rancher
  • rancher 中文
  • rancher 中文文档
  • rancher cn
  • 备份和恢复
  • rancher 2.5
  • 示例

本节包含 Backup 和 Restore 自定义资源的示例。

默认的备份存储位置是在安装或升级rancher-backup operator 时配置的。

只有 Restore 自定义资源使用与创建备份相同的加密配置 secret 时,才能还原加密的备份。

备份

本节包含 Backup 自定义资源的示例。

在默认位置进行加密备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: default-location-encrypted-backup
  5. spec:
  6.   resourceSetName: rancher-resource-set
  7.   encryptionConfigSecretName: encryptionconfig

在默认位置进行定期备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: default-location-recurring-backup
  5. spec:
  6.   resourceSetName: rancher-resource-set
  7.   schedule: "@every 1h"
  8.   retentionCount: 10

在默认位置进行加密的定期备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: default-enc-recurring-backup
  5. spec:
  6.   resourceSetName: rancher-resource-set
  7.   encryptionConfigSecretName: encryptionconfig
  8.   schedule: "@every 1h"
  9.   retentionCount: 3

Minio 中的加密备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: minio-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       credentialSecretName: minio-creds
  9.       credentialSecretNamespace: default
  10.       bucketName: rancherbackups
  11.       endpoint: minio.sslip.io
  12.       endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t
  13.   resourceSetName: rancher-resource-set
  14.   encryptionConfigSecretName: encryptionconfig

使用 AWS Credential Secret 在 S3 中备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: s3-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       credentialSecretName: s3-creds
  9.       credentialSecretNamespace: default
  10.       bucketName: rancher-backups
  11.       folder: ecm1
  12.       region: us-west-2
  13.       endpoint: s3.us-west-2.amazonaws.com
  14.   resourceSetName: rancher-resource-set
  15.   encryptionConfigSecretName: encryptionconfig

使用 AWS Credential Secret 在 S3 中进行定期备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: s3-recurring-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       credentialSecretName: s3-creds
  9.       credentialSecretNamespace: default
  10.       bucketName: rancher-backups
  11.       folder: ecm1
  12.       region: us-west-2
  13.       endpoint: s3.us-west-2.amazonaws.com
  14.   resourceSetName: rancher-resource-set
  15.   encryptionConfigSecretName: encryptionconfig
  16.   schedule: "@every 1h"
  17.   retentionCount: 10

从具有访问 S3 的 IAM 权限的 EC2 节点进行备份

这个例子表明,如果运行 rancher-backup 的节点拥有这些访问 S3 的权限,就不必提供 AWS 的凭证 secret 来创建备份。

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4.   name: s3-iam-backup
  5. spec:
  6.   storageLocation:
  7.     s3:
  8.       bucketName: rancher-backups
  9.       folder: ecm1
  10.       region: us-west-2
  11.       endpoint: s3.us-west-2.amazonaws.com
  12.   resourceSetName: rancher-resource-set
  13.   encryptionConfigSecretName: encryptionconfig

恢复

本节包含 Restore 自定义资源的示例。

使用默认备份文件位置还原

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-default
  5. spec:
  6.   backupFilename: default-location-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-29-54-07-00.tar.gz
  7. #  encryptionConfigSecretName: test-encryptionconfig

恢复 Rancher 迁移

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-migration
  5. spec:
  6.   backupFilename: backup-b0450532-cee1-4aa1-a881-f5f48a007b1c-2020-09-15T07-27-09Z.tar.gz
  7.   prune: false
  8.   storageLocation:
  9.     s3:
  10.       credentialSecretName: s3-creds
  11.       credentialSecretNamespace: default
  12.       bucketName: rancher-backups
  13.       folder: ecm1
  14.       region: us-west-2
  15.       endpoint: s3.us-west-2.amazonaws.com

从加密的备份中恢复

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-encrypted
  5. spec:
  6.   backupFilename: default-test-s3-def-backup-c583d8f2-6daf-4648-8ead-ed826c591471-2020-08-24T20-47-05Z.tar.gz
  7.   encryptionConfigSecretName: encryptionconfig

从 Minio 恢复加密的备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-minio
  5. spec:
  6.   backupFilename: default-minio-backup-demo-aa5c04b7-4dba-4c48-9ac4-ab7916812eaa-2020-08-30T13-18-17-07-00.tar.gz
  7.   storageLocation:
  8.     s3:
  9.       credentialSecretName: minio-creds
  10.       credentialSecretNamespace: default
  11.       bucketName: rancherbackups
  12.       endpoint: minio.sslip.io
  13.       endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t
  14.   encryptionConfigSecretName: test-encryptionconfig

使用 AWS 凭证 Secre 访问 S3 从备份中还原

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-s3-demo
  5. spec:
  6.   backupFilename: test-s3-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-49-34-07-00.tar.gz.enc
  7.   storageLocation:
  8.     s3:
  9.       credentialSecretName: s3-creds
  10.       credentialSecretNamespace: default
  11.       bucketName: rancher-backups
  12.       folder: ecm1
  13.       region: us-west-2
  14.       endpoint: s3.us-west-2.amazonaws.com
  15.   encryptionConfigSecretName: test-encryptionconfig

从具有 IAM 权限的 EC2 节点还原以访问 S3

这个例子表明,如果运行 rancher-backup 的节点拥有这些访问 S3 的权限,就不必提供 AWS 的凭证 secret 来从备份中还原。

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4.   name: restore-s3-demo
  5. spec:
  6.   backupFilename: default-test-s3-recurring-backup-84bf8dd8-0ef3-4240-8ad1-fc7ec308e216-2020-08-24T10#52#44-07#00.tar.gz
  7.   storageLocation:
  8.     s3:
  9.       bucketName: rajashree-backup-test
  10.       folder: ecm1
  11.       region: us-west-2
  12.       endpoint: s3.us-west-2.amazonaws.com
  13.   encryptionConfigSecretName: test-encryptionconfig

在 S3 中存储备份的凭证 Secret 示例

  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4.   name: creds
  5. type: Opaque
  6. data:
  7.   accessKey: <Enter your base64-encoded access key>
  8.   secretKey: <Enter your base64-encoded secret key>

EncryptionConfiguration 示例

  1. apiVersion: apiserver.config.k8s.io/v1
  2. kind: EncryptionConfiguration
  3. resources:
  4.   - resources:
  5.       - secrets
  6.     providers:
  7.       - aesgcm:
  8.           keys:
  9.             - name: key1
  10.               secret: c2VjcmV0IGlzIHNlY3VyZQ==
  11.             - name: key2
  12.               secret: dGhpcyBpcyBwYXNzd29yZA==
  13.       - aescbc:
  14.           keys:
  15.             - name: key1
  16.               secret: c2VjcmV0IGlzIHNlY3VyZQ==
  17.             - name: key2
  18.               secret: dGhpcyBpcyBwYXNzd29yZA==
  19.       - secretbox:
  20.           keys:
  21.             - name: key1
  22.               secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=