Red Hat Summit4.6.
4.6.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
참고
중요
참고
참고
4.6.1.1.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.1.1.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.1.1.2.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.1.1.3.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.1.2.
링크 복사링크가 클립보드에 복사되었습니다!
주의
참고
4.6.1.3.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.1.4.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.1.5.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.1.5.1.
링크 복사링크가 클립보드에 복사되었습니다!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
참고
4.6.1.5.2.
링크 복사링크가 클립보드에 복사되었습니다!
중요
resources:
mds:
limits:
cpu: "3"
memory: 128Gi
requests:
cpu: "3"
memory: 8Gi4.6.2.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4.6.3.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.3.1.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.3.2.
링크 복사링크가 클립보드에 복사되었습니다!
$ BUCKET=<your_bucket>$ REGION=<your_region>$ aws s3api create-bucket \ --bucket $BUCKET \ --region $REGION \ --create-bucket-configuration LocationConstraint=$REGION1 $ aws iam create-user --user-name velero1 $ cat > velero-policy.json <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVolumes", "ec2:DescribeSnapshots", "ec2:CreateTags", "ec2:CreateVolume", "ec2:CreateSnapshot", "ec2:DeleteSnapshot" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::${BUCKET}/*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads" ], "Resource": [ "arn:aws:s3:::${BUCKET}" ] } ] } EOF$ aws iam put-user-policy \ --user-name velero \ --policy-name velero \ --policy-document file://velero-policy.json$ aws iam create-access-key --user-name velero{ "AccessKey": { "UserName": "velero", "Status": "Active", "CreateDate": "2017-07-31T22:24:41.576Z", "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>, "AccessKeyId": <AWS_ACCESS_KEY_ID> } }$ cat << EOF > ./credentials-velero [default] aws_access_key_id=<AWS_ACCESS_KEY_ID> aws_secret_access_key=<AWS_SECRET_ACCESS_KEY> EOF
4.6.3.3.
링크 복사링크가 클립보드에 복사되었습니다!
중요
4.6.3.3.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero
4.6.3.3.2.
링크 복사링크가 클립보드에 복사되었습니다!
[backupStorage] aws_access_key_id=<AWS_ACCESS_KEY_ID> aws_secret_access_key=<AWS_SECRET_ACCESS_KEY> [volumeSnapshot] aws_access_key_id=<AWS_ACCESS_KEY_ID> aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero1 apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp spec: ... backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket_name> prefix: <prefix> config: region: us-east-1 profile: "backupStorage" credential: key: cloud name: cloud-credentials snapshotLocations: - velero: provider: aws config: region: us-west-2 profile: "volumeSnapshot"
4.6.3.3.3.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: BackupStorageLocation metadata: name: default namespace: openshift-adp spec: provider: aws1 objectStorage: bucket: <bucket_name>2 prefix: <bucket_prefix>3 credential:4 key: cloud5 name: cloud-credentials6 config: region: <bucket_region>7 s3ForcePathStyle: "true"8 s3Url: <s3_url>9 publicUrl: <public_s3_url>10 serverSideEncryption: AES25611 kmsKeyId: "50..c-4da1-419f-a16e-ei...49f"12 customerKeyEncryptionFile: "/credentials/customer-key"13 signatureVersion: "1"14 profile: "default"15 insecureSkipTLSVerify: "true"16 enableSharedConfig: "true"17 tagging: ""18 checksumAlgorithm: "CRC32"19
4.6.3.3.4.
링크 복사링크가 클립보드에 복사되었습니다!
주의
참고
snapshotLocations:
- velero:
config:
profile: default
region: <region>
provider: aws
# ...$ dd if=/dev/urandom bs=1 count=32 > sse.key$ cat sse.key | base64 > sse_encoded.key$ ln -s sse_encoded.key customer-key
$ oc create secret generic cloud-credentials --namespace openshift-adp --from-file cloud=<path>/openshift_aws_credentials,customer-key=<path>/sse_encoded.keyapiVersion: v1 data: cloud: W2Rfa2V5X2lkPSJBS0lBVkJRWUIyRkQ0TlFHRFFPQiIKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5P<snip>rUE1mNWVSbTN5K2FpeWhUTUQyQk1WZHBOIgo= customer-key: v+<snip>TFIiq6aaXPbj8dhos= kind: Secret # ...
spec: backupLocations: - velero: config: customerKeyEncryptionFile: /credentials/customer-key profile: default # ...주의
$ echo "encrypt me please" > test.txt$ aws s3api put-object \ --bucket <bucket> \ --key test.txt \ --body test.txt \ --sse-customer-key fileb://sse.key \ --sse-customer-algorithm AES256$ s3cmd get s3://<bucket>/test.txt test.txt$ aws s3api get-object \ --bucket <bucket> \ --key test.txt \ --sse-customer-key fileb://sse.key \ --sse-customer-algorithm AES256 \ downloaded.txt$ cat downloaded.txtencrypt me please
4.6.3.3.4.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ aws s3api get-object \
--bucket <bucket> \
--key velero/backups/mysql-persistent-customerkeyencryptionfile4/mysql-persistent-customerkeyencryptionfile4.tar.gz \
--sse-customer-key fileb://sse.key \
--sse-customer-algorithm AES256 \
--debug \
velero_download.tar.gz4.6.3.4.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.3.4.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... configuration: velero: podConfig: nodeSelector: <node_selector>1 resourceAllocations:2 limits: cpu: "1" memory: 1024Mi requests: cpu: 200m memory: 256Mi
참고
4.6.3.4.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket> prefix: <prefix> caCert: <base64_encoded_cert_string>1 config: insecureSkipTLSVerify: "false"2 # ...
4.6.3.4.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./velero'$ velero version Client: Version: v1.12.1-OADP Git commit: - Server: Version: v1.12.1-OADP$ CA_CERT=$(oc -n openshift-adp get dataprotectionapplications.oadp.openshift.io <dpa-name> -o jsonpath='{.spec.backupLocations[0].velero.objectStorage.caCert}') $ [[ -n $CA_CERT ]] && echo "$CA_CERT" | base64 -d | oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "cat > /tmp/your-cacert.txt" || echo "DPA BSL has no caCert"$ velero describe backup <backup_name> --details --cacert /tmp/<your_cacert>.txt$ velero backup logs <backup_name> --cacert /tmp/<your_cacert.txt>$ oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "ls /tmp/your-cacert.txt" /tmp/your-cacert.txt
4.6.3.5.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp1 spec: configuration: velero: defaultPlugins: - openshift2 - aws resourceTimeout: 10m3 nodeAgent:4 enable: true5 uploaderType: kopia6 podConfig: nodeSelector: <node_selector>7 backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket_name>8 prefix: <prefix>9 config: region: <region> profile: "default" s3ForcePathStyle: "true"10 s3Url: <s3_url>11 credential: key: cloud name: cloud-credentials12 snapshotLocations:13 - name: default velero: provider: aws config: region: <region>14 profile: "default" credential: key: cloud name: cloud-credentials15
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
4.6.3.5.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.3.6.
링크 복사링크가 클립보드에 복사되었습니다!
참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: checksumAlgorithm: ""1 insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: velero: defaultPlugins: - openshift - aws - csi
중요
4.6.3.7.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.3.8.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication #... backupLocations: - name: aws1 velero: provider: aws default: true2 objectStorage: bucket: <bucket_name>3 prefix: <prefix>4 config: region: <region_name>5 profile: "default" credential: key: cloud name: cloud-credentials6 - name: odf7 velero: provider: aws default: false objectStorage: bucket: <bucket_name> prefix: <prefix> config: profile: "default" region: <region_name> s3Url: <url>8 insecureSkipTLSVerify: "true" s3ForcePathStyle: "true" credential: key: cloud name: <custom_secret_name_odf>9 #...apiVersion: velero.io/v1 kind: Backup # ... spec: includedNamespaces: - <namespace>1 storageLocation: <backup_storage_location>2 defaultVolumesToFsBackup: true
4.6.3.8.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication ... spec: configuration: velero: defaultPlugins: - openshift - csi1
4.6.3.8.2.
링크 복사링크가 클립보드에 복사되었습니다!
# ... configuration: nodeAgent: enable: false1 uploaderType: kopia # ...# ... configuration: nodeAgent: enable: true1 uploaderType: kopia # ...
4.6.4.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.4.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ ibmcloud plugin install cos -f$ BUCKET=<bucket_name>$ REGION=<bucket_region>1 $ ibmcloud resource group-create <resource_group_name>$ ibmcloud target -g <resource_group_name>$ ibmcloud targetAPI endpoint: https://cloud.ibm.com Region: User: test-user Account: Test Account (fb6......e95) <-> 2...122 Resource group: Default$ RESOURCE_GROUP=<resource_group>1 $ ibmcloud resource service-instance-create \ <service_instance_name> \1 <service_name> \2 <service_plan> \3 <region_name>4 $ ibmcloud resource service-instance-create test-service-instance cloud-object-storage \1 standard \ global \ -d premium-global-deployment2 $ SERVICE_INSTANCE_ID=$(ibmcloud resource service-instance test-service-instance --output json | jq -r '.[0].id')$ ibmcloud cos bucket-create \// --bucket $BUCKET \// --ibm-service-instance-id $SERVICE_INSTANCE_ID \// --region $REGION$ ibmcloud resource service-key-create test-key Writer --instance-name test-service-instance --parameters {\"HMAC\":true}$ cat > credentials-velero << __EOF__ [default] aws_access_key_id=$(ibmcloud resource service-key test-key -o json | jq -r '.[0].credentials.cos_hmac_keys.access_key_id') aws_secret_access_key=$(ibmcloud resource service-key test-key -o json | jq -r '.[0].credentials.cos_hmac_keys.secret_access_key') __EOF__
4.6.4.2.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero
4.6.4.3.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero$ oc create secret generic <custom_secret> -n openshift-adp --from-file cloud=credentials-veleroapiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp spec: ... backupLocations: - velero: provider: <provider> default: true credential: key: cloud name: <custom_secret>1 objectStorage: bucket: <bucket_name> prefix: <prefix>
4.6.4.4.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: namespace: openshift-adp name: <dpa_name> spec: configuration: velero: defaultPlugins: - openshift - aws - csi backupLocations: - velero: provider: aws1 default: true objectStorage: bucket: <bucket_name>2 prefix: velero config: insecureSkipTLSVerify: 'true' profile: default region: <region_name>3 s3ForcePathStyle: 'true' s3Url: <s3_url>4 credential: key: cloud name: cloud-credentials5
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
4.6.4.5.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... configuration: velero: podConfig: nodeSelector: <node_selector>1 resourceAllocations:2 limits: cpu: "1" memory: 1024Mi requests: cpu: 200m memory: 256Mi
참고
4.6.4.6.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.4.7.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.4.8.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication #... backupLocations: - name: aws1 velero: provider: aws default: true2 objectStorage: bucket: <bucket_name>3 prefix: <prefix>4 config: region: <region_name>5 profile: "default" credential: key: cloud name: cloud-credentials6 - name: odf7 velero: provider: aws default: false objectStorage: bucket: <bucket_name> prefix: <prefix> config: profile: "default" region: <region_name> s3Url: <url>8 insecureSkipTLSVerify: "true" s3ForcePathStyle: "true" credential: key: cloud name: <custom_secret_name_odf>9 #...apiVersion: velero.io/v1 kind: Backup # ... spec: includedNamespaces: - <namespace>1 storageLocation: <backup_storage_location>2 defaultVolumesToFsBackup: true
4.6.4.9.
링크 복사링크가 클립보드에 복사되었습니다!
# ... configuration: nodeAgent: enable: false1 uploaderType: kopia # ...# ... configuration: nodeAgent: enable: true1 uploaderType: kopia # ...
4.6.5.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.5.1.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.5.2.
링크 복사링크가 클립보드에 복사되었습니다!
중요
4.6.5.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ oc create secret generic cloud-credentials-azure -n openshift-adp --from-file cloud=credentials-velero
4.6.5.2.2.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc create secret generic cloud-credentials-azure -n openshift-adp --from-file cloud=credentials-velero$ oc create secret generic <custom_secret> -n openshift-adp --from-file cloud=credentials-veleroapiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp spec: ... backupLocations: - velero: config: resourceGroup: <azure_resource_group> storageAccount: <azure_storage_account_id> subscriptionId: <azure_subscription_id> storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY credential: key: cloud name: <custom_secret>1 provider: azure default: true objectStorage: bucket: <bucket_name> prefix: <prefix> snapshotLocations: - velero: config: resourceGroup: <azure_resource_group> subscriptionId: <azure_subscription_id> incremental: "true" provider: azure
4.6.5.3.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.5.3.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... configuration: velero: podConfig: nodeSelector: <node_selector>1 resourceAllocations:2 limits: cpu: "1" memory: 1024Mi requests: cpu: 200m memory: 256Mi
참고
4.6.5.3.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket> prefix: <prefix> caCert: <base64_encoded_cert_string>1 config: insecureSkipTLSVerify: "false"2 # ...
4.6.5.3.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./velero'$ velero version Client: Version: v1.12.1-OADP Git commit: - Server: Version: v1.12.1-OADP$ CA_CERT=$(oc -n openshift-adp get dataprotectionapplications.oadp.openshift.io <dpa-name> -o jsonpath='{.spec.backupLocations[0].velero.objectStorage.caCert}') $ [[ -n $CA_CERT ]] && echo "$CA_CERT" | base64 -d | oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "cat > /tmp/your-cacert.txt" || echo "DPA BSL has no caCert"$ velero describe backup <backup_name> --details --cacert /tmp/<your_cacert>.txt$ velero backup logs <backup_name> --cacert /tmp/<your_cacert.txt>$ oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "ls /tmp/your-cacert.txt" /tmp/your-cacert.txt
4.6.5.4.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp1 spec: configuration: velero: defaultPlugins: - azure - openshift2 resourceTimeout: 10m3 nodeAgent:4 enable: true5 uploaderType: kopia6 podConfig: nodeSelector: <node_selector>7 backupLocations: - velero: config: resourceGroup: <azure_resource_group>8 storageAccount: <azure_storage_account_id>9 subscriptionId: <azure_subscription_id>10 storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY credential: key: cloud name: cloud-credentials-azure11 provider: azure default: true objectStorage: bucket: <bucket_name>12 prefix: <prefix>13 snapshotLocations:14 - velero: config: resourceGroup: <azure_resource_group> subscriptionId: <azure_subscription_id> incremental: "true" name: default provider: azure credential: key: cloud name: cloud-credentials-azure15
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
4.6.5.5.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.5.5.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.5.5.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication ... spec: configuration: velero: defaultPlugins: - openshift - csi1
4.6.5.5.3.
링크 복사링크가 클립보드에 복사되었습니다!
# ... configuration: nodeAgent: enable: false1 uploaderType: kopia # ...# ... configuration: nodeAgent: enable: true1 uploaderType: kopia # ...
4.6.6.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.6.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ gcloud auth login$ BUCKET=<bucket>1 $ gsutil mb gs://$BUCKET/$ PROJECT_ID=$(gcloud config get-value project)$ gcloud iam service-accounts create velero \ --display-name "Velero service account"$ gcloud iam service-accounts list$ SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \ --filter="displayName:Velero service account" \ --format 'value(email)')$ ROLE_PERMISSIONS=( compute.disks.get compute.disks.create compute.disks.createSnapshot compute.snapshots.get compute.snapshots.create compute.snapshots.useReadOnly compute.snapshots.delete compute.zones.get storage.objects.create storage.objects.delete storage.objects.get storage.objects.list iam.serviceAccounts.signBlob )$ gcloud iam roles create velero.server \ --project $PROJECT_ID \ --title "Velero Server" \ --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"$ gcloud projects add-iam-policy-binding $PROJECT_ID \ --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \ --role projects/$PROJECT_ID/roles/velero.server$ gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}$ gcloud iam service-accounts keys create credentials-velero \ --iam-account $SERVICE_ACCOUNT_EMAIL
4.6.6.2.
링크 복사링크가 클립보드에 복사되었습니다!
중요
4.6.6.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ oc create secret generic cloud-credentials-gcp -n openshift-adp --from-file cloud=credentials-velero
4.6.6.2.2.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc create secret generic cloud-credentials-gcp -n openshift-adp --from-file cloud=credentials-velero$ oc create secret generic <custom_secret> -n openshift-adp --from-file cloud=credentials-veleroapiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp spec: ... backupLocations: - velero: provider: gcp default: true credential: key: cloud name: <custom_secret>1 objectStorage: bucket: <bucket_name> prefix: <prefix> snapshotLocations: - velero: provider: gcp default: true config: project: <project> snapshotLocation: us-west1
4.6.6.3.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.6.3.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... configuration: velero: podConfig: nodeSelector: <node_selector>1 resourceAllocations:2 limits: cpu: "1" memory: 1024Mi requests: cpu: 200m memory: 256Mi
참고
4.6.6.3.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket> prefix: <prefix> caCert: <base64_encoded_cert_string>1 config: insecureSkipTLSVerify: "false"2 # ...
4.6.6.3.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./velero'$ velero version Client: Version: v1.12.1-OADP Git commit: - Server: Version: v1.12.1-OADP$ CA_CERT=$(oc -n openshift-adp get dataprotectionapplications.oadp.openshift.io <dpa-name> -o jsonpath='{.spec.backupLocations[0].velero.objectStorage.caCert}') $ [[ -n $CA_CERT ]] && echo "$CA_CERT" | base64 -d | oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "cat > /tmp/your-cacert.txt" || echo "DPA BSL has no caCert"$ velero describe backup <backup_name> --details --cacert /tmp/<your_cacert>.txt$ velero backup logs <backup_name> --cacert /tmp/<your_cacert.txt>$ oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "ls /tmp/your-cacert.txt" /tmp/your-cacert.txt
4.6.6.4.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ mkdir -p oadp-credrequestecho 'apiVersion: cloudcredential.openshift.io/v1 kind: CredentialsRequest metadata: name: oadp-operator-credentials namespace: openshift-cloud-credential-operator spec: providerSpec: apiVersion: cloudcredential.openshift.io/v1 kind: GCPProviderSpec permissions: - compute.disks.get - compute.disks.create - compute.disks.createSnapshot - compute.snapshots.get - compute.snapshots.create - compute.snapshots.useReadOnly - compute.snapshots.delete - compute.zones.get - storage.objects.create - storage.objects.delete - storage.objects.get - storage.objects.list - iam.serviceAccounts.signBlob skipServiceCheck: true secretRef: name: cloud-credentials-gcp namespace: <OPERATOR_INSTALL_NS> serviceAccountNames: - velero ' > oadp-credrequest/credrequest.yaml$ ccoctl gcp create-service-accounts \ --name=<name> \ --project=<gcp_project_id> \ --credentials-requests-dir=oadp-credrequest \ --workload-identity-pool=<pool_id> \ --workload-identity-provider=<provider_id>$ oc create namespace <OPERATOR_INSTALL_NS>$ oc apply -f manifests/openshift-adp-cloud-credentials-gcp-credentials.yaml
4.6.6.4.1.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.6.5.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: <OPERATOR_INSTALL_NS>1 spec: configuration: velero: defaultPlugins: - gcp - openshift2 resourceTimeout: 10m3 nodeAgent:4 enable: true5 uploaderType: kopia6 podConfig: nodeSelector: <node_selector>7 backupLocations: - velero: provider: gcp default: true credential: key: cloud8 name: cloud-credentials-gcp9 objectStorage: bucket: <bucket_name>10 prefix: <prefix>11 snapshotLocations:12 - velero: provider: gcp default: true config: project: <project> snapshotLocation: us-west113 credential: key: cloud name: cloud-credentials-gcp14 backupImages: true15
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
4.6.6.6.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.6.6.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.6.6.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication ... spec: configuration: velero: defaultPlugins: - openshift - csi1
4.6.6.6.3.
링크 복사링크가 클립보드에 복사되었습니다!
# ... configuration: nodeAgent: enable: false1 uploaderType: kopia # ...# ... configuration: nodeAgent: enable: true1 uploaderType: kopia # ...
4.6.7.
링크 복사링크가 클립보드에 복사되었습니다!
참고
중요
4.6.7.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ cat << EOF > ./credentials-velero [default] aws_access_key_id=<AWS_ACCESS_KEY_ID> aws_secret_access_key=<AWS_SECRET_ACCESS_KEY> EOF
4.6.7.2.
링크 복사링크가 클립보드에 복사되었습니다!
중요
4.6.7.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero
4.6.7.2.2.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero$ oc create secret generic <custom_secret> -n openshift-adp --from-file cloud=credentials-veleroapiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp spec: ... backupLocations: - velero: config: profile: "default" region: <region_name>1 s3Url: <url> insecureSkipTLSVerify: "true" s3ForcePathStyle: "true" provider: aws default: true credential: key: cloud name: <custom_secret>2 objectStorage: bucket: <bucket_name> prefix: <prefix>
4.6.7.3.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.7.3.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... configuration: velero: podConfig: nodeSelector: <node_selector>1 resourceAllocations:2 limits: cpu: "1" memory: 1024Mi requests: cpu: 200m memory: 256Mi
참고
4.6.7.3.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket> prefix: <prefix> caCert: <base64_encoded_cert_string>1 config: insecureSkipTLSVerify: "false"2 # ...
4.6.7.3.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./velero'$ velero version Client: Version: v1.12.1-OADP Git commit: - Server: Version: v1.12.1-OADP$ CA_CERT=$(oc -n openshift-adp get dataprotectionapplications.oadp.openshift.io <dpa-name> -o jsonpath='{.spec.backupLocations[0].velero.objectStorage.caCert}') $ [[ -n $CA_CERT ]] && echo "$CA_CERT" | base64 -d | oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "cat > /tmp/your-cacert.txt" || echo "DPA BSL has no caCert"$ velero describe backup <backup_name> --details --cacert /tmp/<your_cacert>.txt$ velero backup logs <backup_name> --cacert /tmp/<your_cacert.txt>$ oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "ls /tmp/your-cacert.txt" /tmp/your-cacert.txt
4.6.7.4.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp1 spec: configuration: velero: defaultPlugins: - aws2 - openshift3 resourceTimeout: 10m4 nodeAgent:5 enable: true6 uploaderType: kopia7 podConfig: nodeSelector: <node_selector>8 backupLocations: - velero: config: profile: "default" region: <region_name>9 s3Url: <url>10 insecureSkipTLSVerify: "true" s3ForcePathStyle: "true" provider: aws default: true credential: key: cloud name: cloud-credentials11 objectStorage: bucket: <bucket_name>12 prefix: <prefix>13
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
4.6.7.5.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.7.5.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.7.5.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication ... spec: configuration: velero: defaultPlugins: - openshift - csi1
4.6.7.5.3.
링크 복사링크가 클립보드에 복사되었습니다!
# ... configuration: nodeAgent: enable: false1 uploaderType: kopia # ...# ... configuration: nodeAgent: enable: true1 uploaderType: kopia # ...
4.6.8.
링크 복사링크가 클립보드에 복사되었습니다!
참고
중요
4.6.8.1.
링크 복사링크가 클립보드에 복사되었습니다!
중요
4.6.8.1.1.
링크 복사링크가 클립보드에 복사되었습니다!
참고
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero
4.6.8.1.2.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials-velero$ oc create secret generic <custom_secret> -n openshift-adp --from-file cloud=credentials-veleroapiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp spec: ... backupLocations: - velero: provider: <provider> default: true credential: key: cloud name: <custom_secret>1 objectStorage: bucket: <bucket_name> prefix: <prefix>
4.6.8.2.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.8.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... configuration: velero: podConfig: nodeSelector: <node_selector>1 resourceAllocations:2 limits: cpu: "1" memory: 1024Mi requests: cpu: 200m memory: 256Mi
참고
4.6.8.2.1.1.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.8.2.1.1.1.
링크 복사링크가 클립보드에 복사되었습니다!
|
|
|
|
|
|
|
|
4.6.8.2.2.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> spec: # ... backupLocations: - name: default velero: provider: aws default: true objectStorage: bucket: <bucket> prefix: <prefix> caCert: <base64_encoded_cert_string>1 config: insecureSkipTLSVerify: "false"2 # ...
4.6.8.2.2.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./velero'$ velero version Client: Version: v1.12.1-OADP Git commit: - Server: Version: v1.12.1-OADP$ CA_CERT=$(oc -n openshift-adp get dataprotectionapplications.oadp.openshift.io <dpa-name> -o jsonpath='{.spec.backupLocations[0].velero.objectStorage.caCert}') $ [[ -n $CA_CERT ]] && echo "$CA_CERT" | base64 -d | oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "cat > /tmp/your-cacert.txt" || echo "DPA BSL has no caCert"$ velero describe backup <backup_name> --details --cacert /tmp/<your_cacert>.txt$ velero backup logs <backup_name> --cacert /tmp/<your_cacert.txt>$ oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "ls /tmp/your-cacert.txt" /tmp/your-cacert.txt
4.6.8.3.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp1 spec: configuration: velero: defaultPlugins: - aws2 - kubevirt3 - csi4 - openshift5 resourceTimeout: 10m6 nodeAgent:7 enable: true8 uploaderType: kopia9 podConfig: nodeSelector: <node_selector>10 backupLocations: - velero: provider: gcp11 default: true credential: key: cloud name: <default_secret>12 objectStorage: bucket: <bucket_name>13 prefix: <prefix>14
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
4.6.8.4.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.8.4.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.8.4.2.
링크 복사링크가 클립보드에 복사되었습니다!
주의
참고
4.6.8.4.3.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication ... spec: configuration: velero: defaultPlugins: - openshift - csi1
4.6.8.4.4.
링크 복사링크가 클립보드에 복사되었습니다!
# ... configuration: nodeAgent: enable: false1 uploaderType: kopia # ...# ... configuration: nodeAgent: enable: true1 uploaderType: kopia # ...
4.6.9.
링크 복사링크가 클립보드에 복사되었습니다!
참고
4.6.9.1.
링크 복사링크가 클립보드에 복사되었습니다!
- 주의
4.6.9.2.
링크 복사링크가 클립보드에 복사되었습니다!
- 참고
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: <dpa_sample> namespace: openshift-adp1 spec: configuration: velero: defaultPlugins: - kubevirt2 - gcp3 - csi4 - openshift5 resourceTimeout: 10m6 nodeAgent:7 enable: true8 uploaderType: kopia9 podConfig: nodeSelector: <node_selector>10 backupLocations: - velero: provider: gcp11 default: true credential: key: cloud name: <default_secret>12 objectStorage: bucket: <bucket_name>13 prefix: <prefix>14
$ oc get all -n openshift-adpNAME READY STATUS RESTARTS AGE pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s pod/node-agent-9cq4q 1/1 Running 0 94s pod/node-agent-m4lts 1/1 Running 0 94s pod/node-agent-pv4kr 1/1 Running 0 95s pod/velero-588db7f655-n842v 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 <none> 8443/TCP 2m8s service/openshift-adp-velero-metrics-svc ClusterIP 172.30.10.0 <none> 8085/TCP 8h NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/node-agent 3 3 3 3 3 <none> 96s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s deployment.apps/velero 1/1 1 1 96s NAME DESIRED CURRENT READY AGE replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s replicaset.apps/velero-588db7f655 1 1 1 96s$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}$ oc get backupstoragelocations.velero.io -n openshift-adpNAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true
주의
4.6.9.3.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: velero.io/v1 kind: Backup metadata: name: vmbackupsingle namespace: openshift-adp spec: snapshotMoveData: true includedNamespaces: - <vm_namespace>1 labelSelector: matchLabels: app: <vm_app_name>2 storageLocation: <backup_storage_location_name>3 $ oc apply -f <backup_cr_file_name>1
4.6.9.4.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.9.5.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label vm <vm_name> app=<vm_name> -n openshift-adpapiVersion: velero.io/v1 kind: Restore metadata: name: singlevmrestore namespace: openshift-adp spec: backupName: multiplevmbackup restorePVs: true LabelSelectors: - matchLabels: kubevirt.io/created-by: <datavolume_uid>1 - matchLabels: app: <vm_name>2 $ oc apply -f <restore_cr_file_name>1
4.6.9.6.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: test-dpa namespace: openshift-adp spec: backupLocations: - name: default velero: config: insecureSkipTLSVerify: "true" profile: "default" region: <bucket_region> s3ForcePathStyle: "true" s3Url: <bucket_url> credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name> prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: restic velero: client-burst: 5001 client-qps: 3002 defaultPlugins: - openshift - aws - kubevirt
4.6.9.6.1.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc label node/<node_name> node-role.kubernetes.io/nodeAgent=""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/nodeAgent: ""
configuration:
nodeAgent:
enable: true
podConfig:
nodeSelector:
node-role.kubernetes.io/infra: ""
node-role.kubernetes.io/worker: ""4.6.9.7.
링크 복사링크가 클립보드에 복사되었습니다!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
참고
중요
4.6.10.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.10.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication #... backupLocations: - name: aws1 velero: provider: aws default: true2 objectStorage: bucket: <bucket_name>3 prefix: <prefix>4 config: region: <region_name>5 profile: "default" credential: key: cloud name: cloud-credentials6 - name: odf7 velero: provider: aws default: false objectStorage: bucket: <bucket_name> prefix: <prefix> config: profile: "default" region: <region_name> s3Url: <url>8 insecureSkipTLSVerify: "true" s3ForcePathStyle: "true" credential: key: cloud name: <custom_secret_name_odf>9 #...apiVersion: velero.io/v1 kind: Backup # ... spec: includedNamespaces: - <namespace>1 storageLocation: <backup_storage_location>2 defaultVolumesToFsBackup: true
4.6.10.2.
링크 복사링크가 클립보드에 복사되었습니다!
$ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=<aws_credentials_file_name>1 $ oc create secret generic mcg-secret -n openshift-adp --from-file cloud=<MCG_credentials_file_name>1 apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: name: two-bsl-dpa namespace: openshift-adp spec: backupLocations: - name: aws velero: config: profile: default region: <region_name>1 credential: key: cloud name: cloud-credentials default: true objectStorage: bucket: <bucket_name>2 prefix: velero provider: aws - name: mcg velero: config: insecureSkipTLSVerify: "true" profile: noobaa region: <region_name>3 s3ForcePathStyle: "true" s3Url: <s3_url>4 credential: key: cloud name: mcg-secret5 objectStorage: bucket: <bucket_name_mcg>6 prefix: velero provider: aws configuration: nodeAgent: enable: true uploaderType: kopia velero: defaultPlugins: - openshift - aws$ oc create -f <dpa_file_name>1 $ oc get dpa -o yaml$ oc get bslNAME PHASE LAST VALIDATED AGE DEFAULT aws Available 5s 3m28s true mcg Available 5s 3m28s- 참고
apiVersion: velero.io/v1 kind: Backup metadata: name: test-backup1 namespace: openshift-adp spec: includedNamespaces: - <mysql_namespace>1 defaultVolumesToFsBackup: true $ oc apply -f <backup_file_name>1 $ oc get backups.velero.io <backup_name> -o yaml1 apiVersion: velero.io/v1 kind: Backup metadata: name: test-backup1 namespace: openshift-adp spec: includedNamespaces: - <mysql_namespace>1 storageLocation: mcg2 defaultVolumesToFsBackup: true$ oc apply -f <backup_file_name>1 $ oc get backups.velero.io <backup_name> -o yaml1
4.6.11.
링크 복사링크가 클립보드에 복사되었습니다!
4.6.11.1.
링크 복사링크가 클립보드에 복사되었습니다!
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
#...
snapshotLocations:
- velero:
config:
profile: default
region: <region>
credential:
key: cloud
name: cloud-credentials
provider: aws
- velero:
config:
profile: default
region: <region>
credential:
key: cloud
name: <custom_credential>
provider: aws
#...
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}