K8s学习笔记(五) Velero结合minnio业务数据备份与恢复
K8s学习笔记(五) Velero结合minnio数据备份与恢复
Velero(曾用名 Heptio Ark)是一款开源的 Kubernetes 集群数据备份与恢复工具,支持集群资源(Deployment、Service 等)和持久化存储数据(PV/PVC)的备份;MinIO 是兼容 S3 协议的对象存储服务,可作为 Velero 的备份存储后端,实现备份数据的集中存储与管理。本文将从原理、环境准备、部署配置、备份恢复操作及最佳实践等维度,全面讲解两者结合的方案。
1 部署minio
1.1 安装docker
1.2 拉取minio镜像
docker pull minio/minio:RELEASE.2022-04-12T06-55-35Z
1.3 创建数据目录
root@master1:~# mkdir /date/minio
1.4 创建minio容器
root@master1:~# docker run --name minio \
> -p 9000:9000 \
> -p 9999:9999 \
> -d --restart=always \
> -e "MINIO_ROOT_USER=admin" \
> -e "MINIO_ROOT_PASSWORD=12345678" \
> -v /data/minio/data:/data \
> minio/minio:RELEASE.2022-04-12T06-55-35Z server /data \
> --console-address '0.0.0.0:9999'
99b95868de5c3fd962fdec5fa63df5b7cdb834788e46824de7d4fb183a74dbb6
root@master1:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99b95868de5c minio/minio:RELEASE.2022-04-12T06-55-35Z "/usr/bin/docker-ent…" 3 minutes ago Up 3 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:9999->9999/tcp minio1.4 访问web页面创建velerodata
2 部署velero
2.1 下载安装包并解压
root@master1:/opt/velero# wget https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
--2025-09-24 13:26:12-- https://github.com/vmware-tanzu/velero/releases/download/v1.8.1/velero-v1.8.1-linux-amd64.tar.gz
Connecting to 192.168.121.1:7890... connected.
Proxy request sent, awaiting response... 302 Found
Location: https://release-assets.githubusercontent.com/github-production-release-asset/99143276/2a4ee768-146c-4b85-99ab-ff0b428e2b21?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-09-24T06%3A11%3A19Z&rscd=attachment%3B+filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-09-24T05%3A10%3A39Z&ske=2025-09-24T06%3A11%3A19Z&sks=b&skv=2018-11-09&sig=7c1wPTpdDW9LlyMvbUHlRaeDyEHQgZG9LcHfzDf2fg0%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1ODY5MTg3MiwibmJmIjoxNzU4NjkxNTcyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.mAx5WKv284OZkedCa5DnRSfRULF6p2LCVu1bZQ4gEkM&response-content-disposition=attachment%3B%20filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2025-09-24 13:26:13-- https://release-assets.githubusercontent.com/github-production-release-asset/99143276/2a4ee768-146c-4b85-99ab-ff0b428e2b21?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-09-24T06%3A11%3A19Z&rscd=attachment%3B+filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-09-24T05%3A10%3A39Z&ske=2025-09-24T06%3A11%3A19Z&sks=b&skv=2018-11-09&sig=7c1wPTpdDW9LlyMvbUHlRaeDyEHQgZG9LcHfzDf2fg0%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1ODY5MTg3MiwibmJmIjoxNzU4NjkxNTcyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.mAx5WKv284OZkedCa5DnRSfRULF6p2LCVu1bZQ4gEkM&response-content-disposition=attachment%3B%20filename%3Dvelero-v1.8.1-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Connecting to 192.168.121.1:7890... connected.
Proxy request sent, awaiting response... 200 OK
Length: 29570064 (28M) [application/octet-stream]
Saving to: ‘velero-v1.8.1-linux-amd64.tar.gz’velero-v1.8.1-linux-amd64.tar.gz 100%[=======================================================================================================================================================================>] 28.20M 4.86MB/s in 6.9s 2025-09-24 13:26:20 (4.09 MB/s) - ‘velero-v1.8.1-linux-amd64.tar.gz’ saved [29570064/29570064]root@master1:/opt/velero# tar xvf velero-v1.8.1-linux-amd64.tar.gz
velero-v1.8.1-linux-amd64/LICENSE
velero-v1.8.1-linux-amd64/examples/README.md
velero-v1.8.1-linux-amd64/examples/minio
velero-v1.8.1-linux-amd64/examples/minio/00-minio-deployment.yaml
velero-v1.8.1-linux-amd64/examples/nginx-app
velero-v1.8.1-linux-amd64/examples/nginx-app/README.md
velero-v1.8.1-linux-amd64/examples/nginx-app/base.yaml
velero-v1.8.1-linux-amd64/examples/nginx-app/with-pv.yaml
velero-v1.8.1-linux-amd64/velero# 将解压内容复制到bin目录
root@master1:/opt/velero# cp velero-v1.8.1-linux-amd64/velero /usr/local/bin/
2.2 配置velero认证环境
# 创建工作目录
root@master1:/opt/velero/velero-v1.8.1-linux-amd64# mkdir /data/velero -p
# 创建认证文件
root@master1:/data/velero# vim velero-auth.txt
# 准备user-csr文件
root@master1:/data/velero# vim awsuser-csr.json
{"CN": "awsuser","hosts": [],"key": {"algo": "rsa","size": 2048},"names": [{"C": "CN","ST": "BeiJing","L": "BeiJing","O": "k8s","OU": "System"}]
}
# 准备证书签发环境
root@master1:/data/velero# apt install golang-cfssl
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
root@master1:/data/velero# wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
root@master1:/data/velero# mv cfssl-certinfo_1.6.1_linux_amd64 cfssl-certinfo
root@master1:/data/velero# mv cfssl_1.6.1_linux_amd64 cfssl
root@master1:/data/velero# mv cfssljson_1.6.1_linux_amd64 cfssljson
root@master1:/data/velero# ls
awsuser-csr.json cfssl cfssl-certinfo cfssljson velero-auth.txt
root@master1:/data/velero# cp cfssl-certinfo cfssl cfssljson /usr/local/bin/
root@master1:/data/velero# chmod +x /usr/local/bin/cfssl*# master1节点执行证书签发
root@master1:/data/velero# /usr/local/bin/cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem -ca-key=/etc/kubernetes/ssl/ca-key.pem -config=/etc/kubeasz/clusters/k8s-01/ssl/ca-config.json -profile=kubernetes ./awsuser-csr.json | cfssljson -bare awsuser
2025/09/24 13:42:28 [INFO] generate received request
2025/09/24 13:42:28 [INFO] received CSR
2025/09/24 13:42:28 [INFO] generating key: rsa-2048
2025/09/24 13:42:28 [INFO] encoded CSR
2025/09/24 13:42:28 [INFO] signed certificate with serial number 516389167219572575663844410033161087693372577485
2025/09/24 13:42:28 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").root@master1:/data/velero# ll
total 40252
drwxr-xr-x 2 root root 166 Sep 24 13:42 ./
drwxr-xr-x 3 root root 20 Sep 24 13:37 ../
-rw-r--r-- 1 root root 221 Sep 24 13:40 awsuser-csr.json
-rw------- 1 root root 1675 Sep 24 13:42 awsuser-key.pem # 私钥
-rw-r--r-- 1 root root 997 Sep 24 13:42 awsuser.csr
-rw-r--r-- 1 root root 1387 Sep 24 13:42 awsuser.pem # 公钥
-rw-r--r-- 1 root root 16659824 Sep 24 13:40 cfssl
-rw-r--r-- 1 root root 13502544 Sep 24 13:40 cfssl-certinfo
-rw-r--r-- 1 root root 11029744 Sep 24 13:40 cfssljson
-rw-r--r-- 1 root root 70 Sep 24 13:40 velero-auth.txt
# 分发证书到api-server证书路径
root@master1:/data/velero# cp awsuser-key.pem /etc/kubernetes/ssl/
root@master1:/data/velero# cp awsuser.pem /etc/kubernetes/ssl/# 生成集群认证config文件
root@master1:/data/velero# kubectl config set-cluster kubernetes \
> --certificate-authority=/etc/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=./awsuser.kubeconfig
Cluster "kubernetes" set.# 设置客户端证书认证:
root@master1:/data/velero# kubectl config set-credentials awsuser \
> --client-certificate=/etc/kubernetes/ssl/awsuser.pem \
> --client-key=/etc/kubernetes/ssl/awsuser-key.pem \
> --embed-certs=true \
> --kubeconfig=./awsuser.kubeconfig
User "awsuser" set.
root@master1:/data/velero# vim awsuser.kubeconfig
apiVersion: v1
clusters:
- cluster:certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lVZDVqR0VuQ1huSHkvNmozRUZ6ZDA2V0hBQ1RVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qVXdPVEl4TURneU1EQXdXaGdQTWpFeU5UQTRNamd3T0RJd01EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTAwS1NjQlJEV3dxN1h0NWkwTnlydk1WZFBKY2gKdVVoMzFLa2hMR3VOd1FVbUZJT1hHbGVYS1c5SjlPR2VMS1l6ZVhWUVNLWkNsb2x5cXQvUFAvVHVtb1J3OHpnZApMQVFSWHozLyt0NWY2MlRnZmVsZHR6OUtuU3FJNzlsNWlvYU12b3FBNURaNkNBd0Z6czhLMWg2Yko4UkFPZWRvCmQyQTJPcXNGcThwem5FRTJCL01sRkxZZk1ROGdJN0ZjbWdvUExNVldoUThqRW5IRTRzemsxWmc3MS9TT25FVHkKa1pmZEtWV2tac0J1TnJ1U1NDZHhzcVpEYW81eVVaVFJIVTdBYXAxRjhwUk9wVWFnSUhja1NFck5xa3pGRDNWMwpyQkhZZWcrSHBvb2xRVis4ZEhZWGZFUjFWMXUxdEI4a2xhR25NSGMvOEZuOTlxSHcyMDI4KzlvRjN3SURBUUFCCm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVUKbGc4M1NmZjdNVGdHQjc4Nk5JYjFrd1FKWjVZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFbjFPUEVDRlkwSwpKYXpJemtMSDd1ZnZPdG1wWnM1Mk1wVEhNTGRpRDhZQ1J1ZXhTUFJRRVBqRVB2OTlSc2lnanVIL1V1dlFlcDNFCjhWVkcvTEx6a2hyRndJTWtjYkVTWHRFTmxJY0ZlelhlZ2ZNbnhjSXdwMjNVSHdYRUxTeS9ieGVVUTF5TWdZaEoKQ3BTQ1lUb1RKRCtTYVhMNjV5TGkzK1dNUXlDQjlIejl3Ui8xMFdKUFJjd1IvYUlBbUN4cTZROUQzNjVkU0lCNgpOMkI0a2VBRURoTUdGTmQ1RFpYd3J1ZmVBR1kra241Z3VzaXVkWnJyMERpbFFubUVRSFhWKzRDVG1tRnBzVU1GCkpNRnhkRGhRR2kwSWJOVFUxRk9MSFYzQUUwcHZpM2crSXNZNTNDVGMzQkg5RllFTDJVYVJ3d0VwNy9reEtvMWoKSjA0dkhJTWxzelk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0Kserver: https://192.168.121.101:6443name: kubernetes
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: awsuseruser:client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwakNDQXJxZ0F3SUJBZ0lVV25PdzdEc29QcDVNUW1jb25WUWxUOWxNMXMwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qVXdPVEkwTURVek56QXdXaGdQTWpBM05UQTVNVEl3TlRNM01EQmFNR0l4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURVFNQTRHQTFVRUF4TUhZWGR6ZFhObGNqQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOV1NOaHphWVB2aEQwbjZpSEVVM05ZMnZMd3kKUFZEdndXYmg5c2lOZ0loOStHRzR4L09DTTVCdlJQc0dQNTd4c2FldWVGUTFvS1YzbGtzeVZNZWVEcTZTNFlucQpjeUxUZng1NUZ1ZkgwRnI0NVpNRDRUdWhSeTdtQWtBaXNPbStxa1IxL2RkN1JRa0xtaUJONWpTdzExRnlwRjFMCktZejcrcndrWmMxMHg3UGdpOG82K3ppb3NmWVlTdUdCSCtadU9CZExOdW11OEI3Z3ljeE5iVTYrSkgxRnpqTXoKWXFyTzlGVFpMY28rMk5YNGNrajRmM09qQWRFZWMyMnlkWU9QMzdBM2dBelBnMm9Lbi8ySEJvVGU1MUdIUHNINQpCNjZLWkpyVmRvcytmem45MWNFajliUXV2TW5mdXA0S0N6MFdyMVFYSy9FV0NIcm82UFhGN0J6WjI3a0NBd0VBCkFhTi9NSDB3RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWREZ1FXQkJURDFyaEdvM1Q4UHE1NTdscElmNlE3WjN5TwpNakFmQmdOVkhTTUVHREFXZ0JTV0R6ZEo5L3N4T0FZSHZ6bzBodldUQkFsbmxqQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBR20xTENoT0t1M1YwUFB2bUtSb3pCV2tzL1VHM25FODM5K1k0Q3lJY3BBQ0NvVnA1aklGQjdUQWYKdTludEJUU3FTOWVDSVlsLzNaRzk0Y3h6ZmlVRDNwV2lvZDBWYkF6MlVuWnNoUTU4WTFrMlRwOFA5NCtPRXpjUApmQXdrWW03WlFlSHZTV2NwdTZwSHp0aFZIdlZQM2NPRWZEbG5keWtNbWFkd3ZXZTNZc0NaUGswTnBBTlI1eG5qCk8xRW1wUlVBSkxGRjEvb25KelZmZkdZd053UlFRSXdPYzcrekZoenFyQ0lES1dzZkp5a3VLdHhOZWt0cFBkMHkKblltaXVUR1NPTVdhVGxFMkxQeG85WGpXbXQxakFPbytBQ2RrUDZGQ3FGTnlMbDhBTjRJTE9KbEJya0xVZm5CTgpDTjNWTUtIam9CVjEyNUJDL3JIVEdjaFU4MGdBVFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMVpJMkhOcGcrK0VQU2ZxSWNSVGMxamE4dkRJOVVPL0JadUgyeUkyQWlIMzRZYmpICjg0SXprRzlFK3dZL252R3hwNjU0VkRXZ3BYZVdTekpVeDU0T3JwTGhpZXB6SXROL0hua1c1OGZRV3ZqbGt3UGgKTzZGSEx1WUNRQ0t3NmI2cVJIWDkxM3RGQ1F1YUlFM21OTERYVVhLa1hVc3BqUHY2dkNSbHpYVEhzK0NMeWpyNwpPS2l4OWhoSzRZRWY1bTQ0RjBzMjZhN3dIdURKekUxdFRyNGtmVVhPTXpOaXFzNzBWTmt0eWo3WTFmaHlTUGgvCmM2TUIwUjV6YmJKMWc0L2ZzRGVBRE0rRGFncWYvWWNHaE43blVZYyt3ZmtIcm9wa210VjJpejUvT2YzVndTUDEKdEM2OHlkKzZuZ29MUFJhdlZCY3I4UllJZXVqbzljWHNITm5idVFJREFRQUJBb0lCQUY4dm1EQ0ozL25DMkFhWAp3NkhxczNaQjFTSm5uYzVwM1IvV2pCL2NlVEhjT3d5S3g0c3ZOMzRqS1hKYjJaVWtrWkp6Znl2QTd3VndaQ3JGCmx1V1UrMlF4RUpaZ1NNcDN5c3N4R3RWWXgvTVR4WFlkbjQvdEZJWEJlN1ZNQU45YzNCUkJKazZZb1M4ajNhQ1MKTjR5NldHenpsSEFFSk5PeUpwRWVBOFZyUytwTjA4SVozVnQzT3JMdzllRStjK2VqWGdXRjRVSktMNkI3eUY3eApYOE9ESmh6MXRqQWhaYWZyWUk0ZzYxWm1rNnNicjBpRWdCaDBDK3NvRjA4MWhlTXVPWThpeStnVW5xdmR2VlpuCjB0NGlITi9ySS9oSFJvWUZLbmdiUldJN3lmUEp0bllPdG5LSnJQeDdaS3hjbFRYZ3RZTTRwU1l3dkNyek04dDcKSTFLamlkRUNnWUVBL1pvZ3dpYnNOUnA1MmtPdk5SWWxWVVhyZ1hmdzNxWk51Q0ZJNTVQQ0Yra09YTmROMmxreApWWWxBMXp6WStOYXVEVEZ5bWVjcDA5RlFzb0JvenBhOVhZV0JCRUVzYnRmZWJtL2ZrMWdDSmtsQmlYdWYyalVYClVxREUvVUZzR2NEdDRhNkpLaU4zSVMrMEJIYVpQWWdtd3ZrQms5bG94UUJ3Tk5TUy96K0NhbjBDZ1lFQTE1Y3YKSVgxMm9rTlFVdjJ1ckpnY2RCQVZpOC9UR29UT1dCVjBmWTNmOW1MeHpLYUwvUDh0WVFLczRMaDhEcUJ3WGlHVAo1WmZMdGdNMFNOV0wzYzArTy9nc2pyZ0xQMmcvc1UrZ2V0T3p1QXhxOExxZGNna3dVT3VtTHU5elRQOWhTUG5ECnlDNFhFTGhGOFMwRE40cTZlN0NVZExRRWdHS1lEbU56Sk5ZUFB1MENnWUFmNzVIaWdUNUxyYXJjcHB0Z3h3b3EKZytTVmFFSkg5NDlmK2FrUnFKVFBxQVNzQWwwR2V5YndTNW1Ed1dEZGJVTjcyOWMvdEZHYklBZldncjh3RE9HSgo3bThCMXljK1NpYnpwMWp6V0NqbEkyS0NhclFGcVp2blJ1R250dDVqRzkyWkJ2NjA5TVJpeEh3Wjk4bHlhenZlClg3Y29KRC9DVnp6S0dsN3NqOVhmalFLQmdFazhnM2MxL3JINmVmUG5WNG9zRmlaYlBHYUZUK3BIU1MxbEJIQ08KWEpGL1pUS25OUkRad3BtYzVndGt3RWZidXJCUGFjVnB2bnJ6TmJTMFRsSW5vY2VQYzl0N3E5NTdWSCt3VkF6RgprOXltNDBFcHM4aUVWSlI0cUxoekFWRWJ3L21kVnlQT2ZHbGluK2ZnNmFIWmo2WHJBMU50djhXNU9IeFN6aytxCkkvMjFBb0dBR2NzdkNpM1VvcmZiMmtucFBqTTdxalhpeFVxTzcxeDhzUzVWWXFYQWtqclJ4eUo3Yy9QY1ZZS2kKS1M3d3RPb0ViWXBQRWhXRW5ZUHp4VEpoUkxTZk5HSG1yb21GTEoxM0c2OTFuWXE4QjlGcUp0akE3Qkh0NGVFdQpBWENzK3RTS2NteGNaZFltcW8xWVlnK3piTmxNSk0weFl0d1k3QW94OXR5WURXVHBkVk09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==# 设置上下文参数
root@master1:/data/velero# kubectl config set-context kubernetes \
> --cluster=kubernetes \
> --user=awsuser \
> --namespace=velero-system \
> --kubeconfig=./awsuser.kubeconfig
Context "kubernetes" created.
# 设置默认上下文
root@master1:/data/velero# kubectl config use-context kubernetes --kubeconfig=awsuser.kubeconfig
Switched to context "kubernetes".2.3 启动velero
# k8s集群中创建awsuser账户
oot@master1:/data/velero# kubectl create clusterrolebinding awsuser --clusterrole=cluster-admin --user=awsuser
clusterrolebinding.rbac.authorization.k8s.io/awsuser created
# 创建namespace
root@master1:/data/velero# kubectl create ns velero-system
namespace/velero-system created# 执行安装
root@master1:/data/velero# velero --kubeconfig ./awsuser.kubeconfig \
> install \
> --provider aws \
> --plugins velero/velero-plugin-for-aws:v1.3.1 \
> --bucket velerodata \
> --secret-file ./velero-auth.txt \
> --use-volume-snapshots=false \
> --namespace velero-system \
> --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.121.106:9000
CustomResourceDefinition/backups.velero.io: attempting to create resource
CustomResourceDefinition/backups.velero.io: attempting to create resource client
CustomResourceDefinition/backups.velero.io: created
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource
CustomResourceDefinition/backupstoragelocations.velero.io: attempting to create resource client
CustomResourceDefinition/backupstoragelocations.velero.io: created
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource
CustomResourceDefinition/deletebackuprequests.velero.io: attempting to create resource client
CustomResourceDefinition/deletebackuprequests.velero.io: created
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource
CustomResourceDefinition/downloadrequests.velero.io: attempting to create resource client
CustomResourceDefinition/downloadrequests.velero.io: created
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource
CustomResourceDefinition/podvolumebackups.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumebackups.velero.io: created
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource
CustomResourceDefinition/podvolumerestores.velero.io: attempting to create resource client
CustomResourceDefinition/podvolumerestores.velero.io: created
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource
CustomResourceDefinition/resticrepositories.velero.io: attempting to create resource client
CustomResourceDefinition/resticrepositories.velero.io: created
CustomResourceDefinition/restores.velero.io: attempting to create resource
CustomResourceDefinition/restores.velero.io: attempting to create resource client
CustomResourceDefinition/restores.velero.io: created
CustomResourceDefinition/schedules.velero.io: attempting to create resource
CustomResourceDefinition/schedules.velero.io: attempting to create resource client
CustomResourceDefinition/schedules.velero.io: created
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource
CustomResourceDefinition/serverstatusrequests.velero.io: attempting to create resource client
CustomResourceDefinition/serverstatusrequests.velero.io: created
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource
CustomResourceDefinition/volumesnapshotlocations.velero.io: attempting to create resource client
CustomResourceDefinition/volumesnapshotlocations.velero.io: created
Waiting for resources to be ready in cluster...
Namespace/velero-system: attempting to create resource
Namespace/velero-system: attempting to create resource client
Namespace/velero-system: already exists, proceeding
Namespace/velero-system: created
ClusterRoleBinding/velero-velero-system: attempting to create resource
ClusterRoleBinding/velero-velero-system: attempting to create resource client
ClusterRoleBinding/velero-velero-system: created
ServiceAccount/velero: attempting to create resource
ServiceAccount/velero: attempting to create resource client
ServiceAccount/velero: created
Secret/cloud-credentials: attempting to create resource
Secret/cloud-credentials: attempting to create resource client
Secret/cloud-credentials: created
BackupStorageLocation/default: attempting to create resource
BackupStorageLocation/default: attempting to create resource client
BackupStorageLocation/default: created
Deployment/velero: attempting to create resource
Deployment/velero: attempting to create resource client
Deployment/velero: created
Velero is installed! ⛵ Use 'kubectl logs deployment/velero -n velero-system' to view the status.# 查看pod状态
root@master1:/data/velero# kubectl get pods -n velero-system
NAME READY STATUS RESTARTS AGE
velero-6755cb8697-b87p9 1/1 Running 0 2m7s
# 验证安装
root@master1:/data/velero# kubectl describe pod velero-6755cb8697-b87p9 -n velero-system
Name: velero-6755cb8697-b87p9
Namespace: velero-system
Priority: 0
Node: 192.168.121.111/192.168.121.111
Start Time: Wed, 24 Sep 2025 14:06:05 +0800
Labels: component=velerodeploy=veleropod-template-hash=6755cb8697
Annotations: prometheus.io/path: /metricsprometheus.io/port: 8085prometheus.io/scrape: true
Status: Running
IP: 10.200.166.1623 namespace备份与恢复
3.1 备份
# velero backup create 备份名 --include-namespaces(指定备份的namespace) myapp -n 指定velero所在的namespece
root@master1:/data/velero# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default net-test2 1/1 Running 1 (15h ago) 2d18h
default net-test3 1/1 Running 3 (15h ago) 2d18h
default net-test4 1/1 Running 1 (15h ago) 21h
kube-system calico-kube-controllers-754966f84c-nb8mt 1/1 Running 8 (15h ago) 2d21h
kube-system calico-node-29mld 1/1 Running 4 (15h ago) 2d21h
kube-system calico-node-4rnzt 1/1 Running 6 (15h ago) 2d21h
kube-system calico-node-p4ddl 1/1 Running 4 (15h ago) 2d21h
kube-system calico-node-rn7fk 1/1 Running 10 (15h ago) 2d21h
kube-system coredns-7db6b45f67-ht47r 1/1 Running 2 (15h ago) 43h
kube-system coredns-7db6b45f67-xpzmr 1/1 Running 3 (15h ago) 42h
kubernetes-dashboard dashboard-metrics-scraper-69d947947b-94c4p 1/1 Running 4 (15h ago) 40h
kubernetes-dashboard kubernetes-dashboard-744bdb9f9b-f2zns 1/1 Running 4 (15h ago) 40h
myapp linux66-tomcat-app1-deployment-667c9cf879-hz98v 1/1 Running 0 92m
velero-system velero-6755cb8697-b87p9 1/1 Running 0 13mroot@master1:/data/velero# velero backup create chenjun666-20250924 --include-namespaces myapp -n velero-system
Backup request "chenjun666-20250924" submitted successfully.
Run `velero backup describe chenjun666-20250924` or `velero backup logs chenjun666-20250924` for more details.# 定时任务脚本自动备份
root@master1:/data/velero# crontab -e
* 0 * * * * DATE=`date +%Y%m%d%H%M%S` && velero backup create myapp-ns-backup-${DATE} --include-namespaces myapp --kubeconfig=./awsuser.kubeconfig --namespace velero-system
# 手动备份
root@master1:/data/velero# DATE=`date +%Y%m%d%H%M%S` && velero backup create myapp-ns-backup-${DATE} --include-namespaces myapp --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Backup request "myapp-ns-backup-20250924142245" submitted successfully.
Run `velero backup describe myapp-ns-backup-20250924142245` or `velero backup logs myapp-ns-backup-20250924142245` for more details.web页面查看是否备份成功
3.2 恢复
root@master1:/data/velero# kubectl get deployments.apps -n myapp
NAME READY UP-TO-DATE AVAILABLE AGE
linux66-tomcat-app1-deployment 1/1 1 1 102m
root@master1:/data/velero# kubectl get svc -n myapp
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
linux66-tomcat-app1-service ClusterIP 10.100.253.206 <none> 80/TCP 102m
root@master1:/data/velero# kubectl get pod -n myapp
NAME READY STATUS RESTARTS AGE
linux66-tomcat-app1-deployment-667c9cf879-hz98v 1/1 Running 0 102m# 删除service
root@master1:/data/velero# kubectl delete svc linux66-tomcat-app1-service -n myapp
service "linux66-tomcat-app1-service" deleted
# 删除deployment
root@master1:/data/velero# kubectl delete deployments linux66-tomcat-app1-deployment -n myapp
deployment.apps "linux66-tomcat-app1-deployment" deletedroot@master1:/data/velero# kubectl get pods -n myapp
No resources found in myapp namespace.# 恢复备份
root@master1:/data/velero# velero restore create --from-backup myapp-ns-backup-20250924142627 --wait --kubeconfig=./awsuser.kubeconfig --namespace velero-system
Restore request "myapp-ns-backup-20250924142627-20250924145217" submitted successfully.
Waiting for restore to complete. You may safely press ctrl-c to stop waiting - your restore will continue in the background.Restore completed with status: Completed. You may check for more information using the commands `velero restore describe myapp-ns-backup-20250924142627-20250924145217` and `velero restore logs myapp-ns-backup-20250924142627-20250924145217`.root@master1:/data/velero# kubectl get pods -n myapp
NAME READY STATUS RESTARTS AGE
linux66-tomcat-app1-deployment-667c9cf879-hz98v 1/1 Running 0 27s