duyanghao / velero-volume-controller

Kubernetes controller for velero that detects and adds relevant backup annotation to pods with volumes

Home Page: https://github.com/vmware-tanzu/velero/blob/master/site/docs/master/restic.md#add-backup-annotation

License: Apache License 2.0

Makefile 4.61% Go 89.42% Dockerfile 4.00% Shell 1.97%
velero velero-restic kubernetes-controller velero-volume-controller

velero-volume-controller's Introduction

velero-volume-controller

velero-volume-controller is a Kubernetes controller for Velero that detects pods with volumes and adds the relevant backup annotation to them.

Overview

Velero is one of the best backup and restore (BUR) tools for workloads running on Kubernetes, and its Restic Integration provides an out-of-the-box solution for backing up and restoring almost any type of Kubernetes volume. We can therefore use Velero with Restic Integration to back up and restore Kubernetes applications and their volume data.

One requirement of Velero's Restic Integration, however, is that users must add the relevant backup annotation to pods, defining which pod volume(s) they want to back up. So far, Velero has not provided a single command or an automatic way to back up all volume resources in the cluster without annotations. Users therefore have to add the backup annotation by hand to every pod with volumes in the cluster, which is complicated and impractical in a production environment.

To solve this, velero-volume-controller does this dull job for users automatically.

Precondition

  • Velero's restic integration requires the Kubernetes MountPropagation feature, which is enabled by default in Kubernetes v1.10.0 and later.

Principle

The logic of velero-volume-controller is kept as simple as possible: it watches pod ADD|UPDATE events and adds the relevant backup annotation to pods with volumes.

Running

External

velero-volume-controller can be run outside the Kubernetes cluster as follows:

$ bash hack/start.sh

Internal

Running velero-volume-controller inside a Kubernetes cluster is more convenient than running it externally: the controller has a leader election mechanism, and a Kubernetes Deployment keeps it highly available:

# Build the image
$ make dockerfiles.build
# Retag and push to your docker registry
$ docker tag duyanghao/velero-volume-controller:v2.0 xxx/duyanghao/velero-volume-controller:v2.0
$ docker push xxx/duyanghao/velero-volume-controller:v2.0
# Update the deployment 'Image' field with the built image name
$ sed -i 's|REPLACE_IMAGE|xxx/duyanghao/velero-volume-controller:v2.0|g' examples/deployment/velero-volume-controller.yaml
# Create ClusterRole and ClusterRoleBinding
$ kubectl apply -f examples/deployment/cluster-role.yaml
$ kubectl apply -f examples/deployment/cluster-role-binding.yaml
# Create ConfigMap
$ kubectl apply -f examples/deployment/configmap.yaml -nvelero
# Create velero-volume-controller deployment
$ kubectl apply -f examples/deployment/velero-volume-controller.yaml -nvelero

Configuration

The following table lists the configurable parameters of velero-volume-controller and their default values.

| Parameter | Description | Default |
| --- | --- | --- |
| ClusterServerCfg | | |
| clusterServerCfg.masterURL | The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster. | |
| clusterServerCfg.kubeConfig | Path to a kubeconfig. Only required if out-of-cluster. | |
| clusterServerCfg.leaseLockNamespace | The Namespace of the LeaseLock object for controller Leader Election. | velero |
| clusterServerCfg.leaseLockName | The Name of the LeaseLock object for controller Leader Election. | velero-volume-controller |
| veleroVolumeCfg | | |
| veleroVolumeCfg.includeNamespaces | The comma-separated list of namespaces to include in the backup annotation addition (default: all namespaces). | |
| veleroVolumeCfg.excludeNamespaces | The comma-separated list of namespaces to exclude from the backup annotation addition. | |
| veleroVolumeCfg.includeVolumeTypes | The comma-separated list of volume types to include in the backup annotation addition (default: all volume types). | persistentVolumeClaim |
| veleroVolumeCfg.excludeVolumeTypes | The comma-separated list of volume types to exclude from the backup annotation addition. | |
| veleroVolumeCfg.excludeJobs | The comma-separated list of job names to exclude from the backup annotation addition (supports basic string globs). | |
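The decision described under Principle, combined with the veleroVolumeCfg filters above, can be expressed as one pure function. This is an added example, not the project's own code: the `Volume`, `Pod` and `Config` types, the function names, the use of `path.Match` for the job globs, and exclude taking precedence over include are all assumptions.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

const backupAnnotation = "backup.velero.io/backup-volumes" // read by Velero's restic integration

type Volume struct{ Name, Type string } // simplified stand-in for a pod volume (assumption)
type Pod struct {
	Namespace, OwnerJob string // OwnerJob is empty unless a Job owns the pod
	Annotations         map[string]string
	Volumes             []Volume
}
type Config struct{ InclNS, ExclNS, InclTypes, ExclTypes, ExclJobs string } // raw veleroVolumeCfg values

// matches checks item against a comma-separated list; path.Match is an assumed glob syntax.
func matches(list, item string, glob bool) bool {
	for _, p := range strings.FieldsFunc(list, func(r rune) bool { return r == ',' || r == ' ' }) {
		if ok, _ := path.Match(p, item); p == item || (glob && ok) {
			return true
		}
	}
	return false
}

func allowed(item, incl, excl string) bool { // empty include = all; exclude wins (assumed)
	return !matches(excl, item, false) && (strings.TrimSpace(incl) == "" || matches(incl, item, false))
}

// DesiredAnnotation returns the annotation value and whether the pod still needs patching.
// Returning false for an already-correct pod keeps UPDATE events from causing repeated patches.
func DesiredAnnotation(cfg Config, pod Pod) (string, bool) {
	if !allowed(pod.Namespace, cfg.InclNS, cfg.ExclNS) || (pod.OwnerJob != "" && matches(cfg.ExclJobs, pod.OwnerJob, true)) {
		return "", false
	}
	var names []string
	for _, v := range pod.Volumes {
		if allowed(v.Type, cfg.InclTypes, cfg.ExclTypes) {
			names = append(names, v.Name)
		}
	}
	want := strings.Join(names, ",")
	return want, want != "" && pod.Annotations[backupAnnotation] != want
}

var samplePod = Pod{Namespace: "shop", Volumes: []Volume{{"data", "persistentVolumeClaim"}, {"token", "secret"}}} // constructed sample
func main() { fmt.Println(DesiredAnnotation(Config{InclTypes: "persistentVolumeClaim"}, samplePod)) }
```

With the table's default includeVolumeTypes of persistentVolumeClaim, the secret volume in the constructed pod is left out of the annotation value, so only the PVC-backed volume is selected for restic backup.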

Roadmap

velero-volume-controller will follow upstream vmware-tanzu/velero support for Restic Integration.

velero-volume-controller's People

Contributors: benosman, duyanghao, fredgate

velero-volume-controller's Issues

velero-volume-controller pods failed with Error loading veleroVolumeConfig

When I try to run the velero-volume-config image, I get the following error:

$ kubectl logs velero-volume-controller-84d55645b-7gdg6
F0825 10:40:04.323837       1 main.go:50] Error loading veleroVolumeConfig: Failed to parse configuration,error: yaml: line 11: did not find expected alphabetic or numeric character
$ kubectl describe pod velero-volume-controller-84d55645b-7gdg6
Warning  BackOff    13s (x2 over 14s)  kubelet, gke-gke-cluster1-default-pool-01c166e2-mhth  Back-off restarting failed container
$ kubectl get pods
NAME                                                 READY   STATUS             RESTARTS   AGE
velero-volume-controller-84d55645b-7gdg6             0/1     CrashLoopBackOff   1          10s
velero-volume-controller-84d55645b-d522w             0/1     CrashLoopBackOff   1          10s
velero-volume-controller-84d55645b-wz4t2             0/1     CrashLoopBackOff   1          10s
$ cat examples/config.yaml
clusterServerCfg:
  masterURL:
  kubeConfig:
  leaseLockNamespace: velero
  leaseLockName: velero-volume-controller
veleroVolumeCfg:
  includeNamespaces:
  excludeNamespaces:
  includeVolumeTypes: persistentVolumeClaim
  excludeVolumeTypes:
  excludeJobs: *
$ kubectl describe cm
Name:         velero-volume-controller
Namespace:    default
Labels:       <none>
Annotations:
Data
====
config.yml:
----
clusterServerCfg:
  masterURL:
  kubeConfig:
  leaseLockNamespace: velero
  leaseLockName: velero-volume-controller
veleroVolumeCfg:
  includeNamespaces:
  excludeNamespaces:
  includeVolumeTypes: persistentVolumeClaim
  excludeVolumeTypes: gcePersistentDisk
  excludeJobs: *

Events:  <none>

One of the lines I found interesting while building the Docker image:

Step 18/19 : COPY examples /velero-volume-controller/examples
 ---> 7f48a1722494
Step 19/19 : ENTRYPOINT ["./velero-volume-controller", "-c", "/velero-volume-controller/examples/config.yml", "-v", "4", "-logtostderr", "true"]
 ---> Running in 02305918bbfb
Removing intermediate container 02305918bbfb
 ---> 603df5d60423
Successfully built 603df5d60423

It is actually trying to create the entrypoint with examples/config.yml while we actually have config.YAML.

I created the Docker image by running "make dockerfiles.build". This image has been pushed to my private gcr repo and is being used.

When I try to run it outside the Kubernetes cluster, I get the error below:

$ bash hack/start.sh
Start velero-volume-controller now ...
cd cmd/controller && GO111MODULE=on go build -mod=vendor -v -o ../.././build/velero-volume-controller/velero-volume-controller
build github.com/google/uuid: cannot load github.com/google/uuid: open /tmp/velero-volume-controller/vendor/github.com/google/uuid: no such file or directory
make: *** [Makefile:38: src.build] Error 1

I'm running these commands in Google Cloud Shell (if that helps).

Can't build dockerfile

I can't build the Docker image.

Steps to reproduce:

  • Clone repo
git clone https://github.com/duyanghao/velero-volume-controller.git
cd velero-volume-controller

git log -1 --pretty=oneline
42bbedceb9c72e82d347b740ff0099725a6c0f67 update logs
  • Try to build docker image as described in README:
make dockerfiles.build 
docker build --tag duyanghao/velero-volume-controller:v2.0 -f ./docker/Dockerfile .
Sending build context to Docker daemon  631.8kB
Step 1/20 : FROM golang:1.13-alpine3.10
 ---> b9f7ee0b3ccf
Step 2/20 : RUN apk add --update make
 ---> Using cache
 ---> 52a2ce393324
Step 3/20 : WORKDIR /go/src/github.com/duyanghao/velero-volume-controller
 ---> Using cache
 ---> 0e9f975119c3
Step 4/20 : COPY cmd /go/src/github.com/duyanghao/velero-volume-controller/cmd
 ---> Using cache
 ---> 1715b4b964e0
Step 5/20 : COPY pkg /go/src/github.com/duyanghao/velero-volume-controller/pkg
 ---> Using cache
 ---> 399eb49086f0
Step 6/20 : COPY Makefile /go/src/github.com/duyanghao/velero-volume-controller
 ---> Using cache
 ---> f587b14405be
Step 7/20 : COPY go.mod /go/src/github.com/duyanghao/velero-volume-controller
 ---> Using cache
 ---> 0479c988c544
Step 8/20 : COPY go.sum /go/src/github.com/duyanghao/velero-volume-controller
 ---> Using cache
 ---> 1656068266ef
Step 9/20 : COPY vendor /go/src/github.com/duyanghao/velero-volume-controller/vendor
COPY failed: stat /var/lib/docker/tmp/docker-builder704045182/vendor: no such file or directory
Makefile:70: recipe for target 'dockerfiles.build' failed
make: *** [dockerfiles.build] Error 1

I use docker version=19.03.8

docker version
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:25:46 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 01:24:19 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Annotation of pods which are started by a Job

We are successfully using the Velero Volume Controller and are very happy to be able to automate the annotation process.

The only problem we have is that even Pods that have a Job resource as their owner will have an annotation added by the controller.

In this particular case, we have a Job resource that makes backups of the database. The Pod that does the backup writes the backup to a volume. When the Pod is started, the annotation is set. After the backup is finished, the Pod quits and gets the status Succeeded. If Velero then tries to do a restic backup of the volume, an error occurs.

Is it possible for the controller to remove the annotation when the Pod exits?

Or is there a much better solution to my problem?

error in building docker images.

I am getting an error when building Docker images.

Step 16/19 : WORKDIR /go/bin
 ---> bf533388eca8
Removing intermediate container ccd67254bac3
Step 17/19 : COPY --from=0 /go/bin /go/bin
Unknown flag: from
make: *** [dockerfiles.build] Error 1

Do you have any ready Docker image?

restore pvs of cluster

Hello, @duyanghao!
I would like to back up the whole cluster with velero and velero-volume-controller.
Since the velero-volume-controller pod is running before
velero backup create..,
all PVCs bound to pods will be backed up by velero.
What do you think about backing up PVCs that are not bound to any pod at the moment the backup is created?
What do you think about backing up PVs that are not bound to any PVC at the moment the backup is created?
As for restoring PVs and PVCs from a backup: is it correct that before running
velero restore create..
the cluster admin must delete all resources of the cluster, since velero cannot load existing resources?
Thank you.

Project still useful?

Velero 1.5 introduced the opt-out approach, to back up all pod volumes using restic with the exception of:

  • volumes mounting the default service account token, kubernetes secrets, and config maps
  • hostpath volumes

But this does not seem optimal, because with this approach all the volumes are backed up using restic, while depending on their storage class, some volumes could be snapshotted and others backed up with restic.
So this project can still be useful if it supports adding annotations to pods based on the storage class of their volumes.

Ignore PVC according to their storage class

By default, Velero backs up volumes using the snapshot feature of the cloud provider. But not all storage classes support the snapshot feature. For example, on Azure, Azure Disks can be snapshotted but Azure Files cannot.
So it is unfortunate to annotate volumes that allow snapshots with an annotation indicating that they should be backed up using restic. To avoid this, we could add an option to this controller to exclude some storage classes.

leaderelection error

Hi,

I am trying to install velero-volume-controller.

Here are the logs:

E0417 04:32:24.215510       1 leaderelection.go:324] error initially creating leader election record: the server could not find the requested resource
I0417 04:32:24.215527       1 leaderelection.go:247] failed to acquire lease backup/velero-volume-controller

K8S 1.13

I also tried changing leases to endpoints in cluster-role.yaml, but I get the same error.

Regards

Add Helm chart

We should add a Helm chart for velero-volume-controller to this repository.
It would be very useful for configuring and installing the controller in a k8s cluster.
