VolumeSnapshotMover relocates snapshots off of the cluster into an object store to be used during a restore process to recover stateful applications in instances such as cluster deletion or disaster.
Design Proposal: https://github.com/openshift/oadp-operator/blob/master/docs/design/datamover.md
- Getting Started
- Quickstart using Volume Snapshot Mover:
- Have a stateful application running in a separate namespace.
- Have an appropriate StorageClass and VolumeSnapshotClass. Make sure there is only one default of each.
  - Include the label `velero.io/csi-volumesnapshot-class: 'true'` in your `VolumeSnapshotClass` to let Velero know which to use.
  - `deletionPolicy` must be set to `Retain` for the `VolumeSnapshotClass`.

```yaml
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  name: example-snapclass
  labels:
    velero.io/csi-volumesnapshot-class: 'true'
  annotations:
    snapshot.storage.kubernetes.io/is-default-class: 'true'
driver: ebs.csi.aws.com
deletionPolicy: Retain
```

```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp2-csi
  annotations:
    storageclass.kubernetes.io/is-default-class: 'true'
provisioner: ebs.csi.aws.com
parameters:
  type: gp2
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
```

- Install the OADP Operator using OLM.
- Install the VolSync operator using OLM.
- We will be using VolSync's Restic option, so configure a restic secret:

```shell
cat << EOF > ./restic-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: <secret-name>
type: Opaque
stringData:
  # The repository encryption key (placeholder value; replace it with a strong, unique password)
  RESTIC_PASSWORD: my-secure-restic-password
EOF
```

- Create a DPA similar to below:
  - Add the restic secret name from the previous step to your DPA CR in `spec.features.dataMover.credentialName`. If this step is not completed then it will default to the secret name `dm-credential`.
  - Note the CSI `defaultPlugin` and `dataMover.enable` flag.

```yaml
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: velero-sample
  namespace: openshift-adp
spec:
  features:
    dataMover:
      enable: true
      credentialName: <secret-name>
  backupLocations:
    - velero:
        config:
          profile: default
          region: us-east-1
        credential:
          key: cloud
          name: cloud-credentials
        default: true
        objectStorage:
          bucket: <bucket-name>
          prefix: <bucket-prefix>
        provider: aws
  configuration:
    restic:
      enable: false #[true, false]
    velero:
      defaultPlugins:
        - openshift
        - aws
        - csi
        - vsm
      featureFlags:
        - EnableCSI
```

- Create a backup CR:

```yaml
apiVersion: velero.io/v1
kind: Backup
metadata:
  name: <backup-name>
  namespace: <protected-ns>
spec:
  includedNamespaces:
    - <app-ns>
  storageLocation: velero-sample-1
```

- Wait several minutes and check the VolumeSnapshotBackup CR status for completed:

VolumeSnapshotBackup status:

```shell
oc get vsb -n <app-ns>
oc get vsb <vsb-name> -n <app-ns> -ojsonpath="{.status.phase}"
```

Alternatively one can use Velero / OADP status:

```shell
oc get backup
oc get backup <name> -ojsonpath="{.status.phase}"
```

- There should now be a snapshot in the object store that was given in the restic secret.
- Make sure the application namespace is deleted, as well as the volumeSnapshotContent that was created by the Velero CSI plugin.
- Create a restore CR:
  - Make sure `restorePVs` is set to `true`.

```yaml
apiVersion: velero.io/v1
kind: Restore
metadata:
  name: <restore-name>
  namespace: <protected-ns>
spec:
  backupName: <previous-backup-name>
  restorePVs: true
```

- Wait several minutes and check the VolumeSnapshotRestore CR status for completed:

```shell
oc get vsr -n <app-ns>
oc get vsr <vsr-name> -n <app-ns> -ojsonpath="{.status.phase}"
```

- Check that your application data has been restored:

```shell
oc get route <route-name> -n <app-ns> -ojsonpath="{.spec.host}"
```
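
The StorageClass and VolumeSnapshotClass prerequisites from the quickstart (exactly one default of each, the Velero label present, `deletionPolicy: Retain`) can be checked before a backup is created. The following is an added example, not code from the OADP or VolumeSnapshotMover projects: it assumes the input is the output of `oc get volumesnapshotclass -o json` and `oc get storageclass -o json`, and the function names and sample objects are constructed for illustration.

```python
import json

SNAP_DEFAULT = "snapshot.storage.kubernetes.io/is-default-class"
SC_DEFAULT = "storageclass.kubernetes.io/is-default-class"
VELERO_LABEL = "velero.io/csi-volumesnapshot-class"

def load_items(text):
    """Parse the List object printed by `oc get <kind> -o json`."""
    return json.loads(text).get("items", [])

def _meta(obj, field):
    # labels/annotations are omitted from the JSON when they are empty
    return obj["metadata"].get(field) or {}

def preflight(snapshot_classes, storage_classes):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    for kind, items, ann in (("VolumeSnapshotClass", snapshot_classes, SNAP_DEFAULT),
                             ("StorageClass", storage_classes, SC_DEFAULT)):
        defaults = [o["metadata"]["name"] for o in items
                    if _meta(o, "annotations").get(ann) == "true"]
        if len(defaults) != 1:
            problems.append(f"{kind}: expected exactly one default, found {defaults}")
    labelled = [c for c in snapshot_classes
                if _meta(c, "labels").get(VELERO_LABEL) == "true"]
    if not labelled:
        problems.append(f"no VolumeSnapshotClass has label {VELERO_LABEL}: 'true'")
    for c in labelled:
        if c.get("deletionPolicy") != "Retain":
            problems.append(f"{c['metadata']['name']}: deletionPolicy is "
                            f"{c.get('deletionPolicy')!r}, must be Retain")
    return problems

# Constructed sample input, shaped like `oc get ... -o json` output.
SAMPLE_SNAPCLASSES = json.dumps({"items": [
    {"metadata": {"name": "example-snapclass", "labels": {VELERO_LABEL: "true"},
                  "annotations": {SNAP_DEFAULT: "true"}},
     "driver": "ebs.csi.aws.com", "deletionPolicy": "Delete"},  # wrong policy
    {"metadata": {"name": "other-snapclass",
                  "annotations": {SNAP_DEFAULT: "true"}},       # second default
     "driver": "ebs.csi.aws.com", "deletionPolicy": "Retain"},
]})
SAMPLE_STORAGECLASSES = json.dumps({"items": [
    {"metadata": {"name": "gp2-csi", "annotations": {SC_DEFAULT: "true"}},
     "provisioner": "ebs.csi.aws.com"},
]})

if __name__ == "__main__":
    for p in preflight(load_items(SAMPLE_SNAPCLASSES), load_items(SAMPLE_STORAGECLASSES)):
        print("FAIL:", p)
```

On a live cluster, pass the two `oc get ... -o json` outputs to `load_items` in place of the constructed samples.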