title: 示例 description: description keywords:

  • rancher
  • rancher中文
  • rancher中文文档
  • rancher官网
  • rancher文档
  • Rancher
  • rancher 中文
  • rancher 中文文档
  • rancher cn
  • 备份和恢复
  • rancher 2.5
  • 示例

本节包含 Backup 和 Restore 自定义资源的示例。

默认的备份存储位置是在安装或升级rancher-backup operator 时配置的。

只有 Restore 自定义资源使用与创建备份相同的加密配置 secret 时,才能还原加密的备份。

备份

本节包含 Backup 自定义资源的示例。

在默认位置进行加密备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: default-location-encrypted-backup
  5. spec:
  6. resourceSetName: rancher-resource-set
  7. encryptionConfigSecretName: encryptionconfig

在默认位置进行定期备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: default-location-recurring-backup
  5. spec:
  6. resourceSetName: rancher-resource-set
  7. schedule: "@every 1h"
  8. retentionCount: 10

在默认位置进行加密的定期备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: default-enc-recurring-backup
  5. spec:
  6. resourceSetName: rancher-resource-set
  7. encryptionConfigSecretName: encryptionconfig
  8. schedule: "@every 1h"
  9. retentionCount: 3

Minio 中的加密备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: minio-backup
  5. spec:
  6. storageLocation:
  7. s3:
  8. credentialSecretName: minio-creds
  9. credentialSecretNamespace: default
  10. bucketName: rancherbackups
  11. endpoint: minio.sslip.io
  12. endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t
  13. resourceSetName: rancher-resource-set
  14. encryptionConfigSecretName: encryptionconfig

使用 AWS Credential Secret 在 S3 中备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: s3-backup
  5. spec:
  6. storageLocation:
  7. s3:
  8. credentialSecretName: s3-creds
  9. credentialSecretNamespace: default
  10. bucketName: rancher-backups
  11. folder: ecm1
  12. region: us-west-2
  13. endpoint: s3.us-west-2.amazonaws.com
  14. resourceSetName: rancher-resource-set
  15. encryptionConfigSecretName: encryptionconfig

使用 AWS Credential Secret 在 S3 中进行定期备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: s3-recurring-backup
  5. spec:
  6. storageLocation:
  7. s3:
  8. credentialSecretName: s3-creds
  9. credentialSecretNamespace: default
  10. bucketName: rancher-backups
  11. folder: ecm1
  12. region: us-west-2
  13. endpoint: s3.us-west-2.amazonaws.com
  14. resourceSetName: rancher-resource-set
  15. encryptionConfigSecretName: encryptionconfig
  16. schedule: "@every 1h"
  17. retentionCount: 10

从具有访问 S3 的 IAM 权限的 EC2 节点进行备份

这个例子表明,如果运行 rancher-backup 的节点拥有这些访问 S3 的权限,就不必提供 AWS 的凭证 secret 来创建备份。

  1. apiVersion: resources.cattle.io/v1
  2. kind: Backup
  3. metadata:
  4. name: s3-iam-backup
  5. spec:
  6. storageLocation:
  7. s3:
  8. bucketName: rancher-backups
  9. folder: ecm1
  10. region: us-west-2
  11. endpoint: s3.us-west-2.amazonaws.com
  12. resourceSetName: rancher-resource-set
  13. encryptionConfigSecretName: encryptionconfig

恢复

本节包含 Restore 自定义资源的示例。

使用默认备份文件位置还原

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4. name: restore-default
  5. spec:
  6. backupFilename: default-location-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-29-54-07-00.tar.gz
  7. # encryptionConfigSecretName: test-encryptionconfig

恢复 Rancher 迁移

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4. name: restore-migration
  5. spec:
  6. backupFilename: backup-b0450532-cee1-4aa1-a881-f5f48a007b1c-2020-09-15T07-27-09Z.tar.gz
  7. prune: false
  8. storageLocation:
  9. s3:
  10. credentialSecretName: s3-creds
  11. credentialSecretNamespace: default
  12. bucketName: rancher-backups
  13. folder: ecm1
  14. region: us-west-2
  15. endpoint: s3.us-west-2.amazonaws.com

从加密的备份中恢复

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4. name: restore-encrypted
  5. spec:
  6. backupFilename: default-test-s3-def-backup-c583d8f2-6daf-4648-8ead-ed826c591471-2020-08-24T20-47-05Z.tar.gz
  7. encryptionConfigSecretName: encryptionconfig

从 Minio 恢复加密的备份

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4. name: restore-minio
  5. spec:
  6. backupFilename: default-minio-backup-demo-aa5c04b7-4dba-4c48-9ac4-ab7916812eaa-2020-08-30T13-18-17-07-00.tar.gz
  7. storageLocation:
  8. s3:
  9. credentialSecretName: minio-creds
  10. credentialSecretNamespace: default
  11. bucketName: rancherbackups
  12. endpoint: minio.sslip.io
  13. endpointCA: LS0tLS1CRUdJTi3VUFNQkl5UUT.....pbEpWaVzNkRS0tLS0t
  14. encryptionConfigSecretName: test-encryptionconfig

使用 AWS 凭证 Secre 访问 S3 从备份中还原

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4. name: restore-s3-demo
  5. spec:
  6. backupFilename: test-s3-recurring-backup-752ecd87-d958-4d20-8350-072f8d090045-2020-09-26T12-49-34-07-00.tar.gz.enc
  7. storageLocation:
  8. s3:
  9. credentialSecretName: s3-creds
  10. credentialSecretNamespace: default
  11. bucketName: rancher-backups
  12. folder: ecm1
  13. region: us-west-2
  14. endpoint: s3.us-west-2.amazonaws.com
  15. encryptionConfigSecretName: test-encryptionconfig

从具有 IAM 权限的 EC2 节点还原以访问 S3

这个例子表明,如果运行 rancher-backup 的节点拥有这些访问 S3 的权限,就不必提供 AWS 的凭证 secret 来从备份中还原。

  1. apiVersion: resources.cattle.io/v1
  2. kind: Restore
  3. metadata:
  4. name: restore-s3-demo
  5. spec:
  6. backupFilename: default-test-s3-recurring-backup-84bf8dd8-0ef3-4240-8ad1-fc7ec308e216-2020-08-24T10#52#44-07#00.tar.gz
  7. storageLocation:
  8. s3:
  9. bucketName: rajashree-backup-test
  10. folder: ecm1
  11. region: us-west-2
  12. endpoint: s3.us-west-2.amazonaws.com
  13. encryptionConfigSecretName: test-encryptionconfig

在 S3 中存储备份的凭证 Secret 示例

  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4. name: creds
  5. type: Opaque
  6. data:
  7. accessKey: <Enter your base64-encoded access key>
  8. secretKey: <Enter your base64-encoded secret key>

EncryptionConfiguration 示例

  1. apiVersion: apiserver.config.k8s.io/v1
  2. kind: EncryptionConfiguration
  3. resources:
  4. - resources:
  5. - secrets
  6. providers:
  7. - aesgcm:
  8. keys:
  9. - name: key1
  10. secret: c2VjcmV0IGlzIHNlY3VyZQ==
  11. - name: key2
  12. secret: dGhpcyBpcyBwYXNzd29yZA==
  13. - aescbc:
  14. keys:
  15. - name: key1
  16. secret: c2VjcmV0IGlzIHNlY3VyZQ==
  17. - name: key2
  18. secret: dGhpcyBpcyBwYXNzd29yZA==
  19. - secretbox:
  20. keys:
  21. - name: key1
  22. secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=