Backup and Restore Stateful App with Static IP for Ingress

Page last updated:

This topic describes how to use Velero to backup and restore a stateful application with ingress and a static IP address.

Overview

This topic describes how to use Velero to backup and restore a stateful application with ingress and a static IP address.

The application we are going to use to demonstrate this scenario is the Cafe stateless app. Kubernetes ingress provides a layer 7 load balancer. In this case the IP address must be static.

Prerequisites

TKGI cluster is created with static IP set from floating IP pool.

Create and apply network profile for DNS lookup of the Kuberentes API server and the fixed IP address. For example:

{
    "name": "dns-lookup-api-ingress",
    "description": "Network Profile for DNS Lookup - API and INGRESS",
    "parameters": {
        "fip_pool_ids": [
            "970e09f1-6f28-4457-b069-5c40d145f4e3"
        ],
    "dns_lookup_mode": "API_INGRESS",
    "ingress_prefix": "ingress"
    }
}

Install and configure Minio, Velero, and Restic.

Download the Coffee-Tea app YAML files to a local known directory:

  • coffee-rc.yml
  • tea-rc.yml
  • coffee-svc.yml
  • tea-svc.yml
  • cafe-ingress-http.yml

Deploy the Coffee-Tea App

Create the Namespace for the application:

kubectl create ns tea-coffee

namespace/tea-coffee created

Deploy the Tea-Coffee app:

kubectl apply -f . -n tea-coffee

ingress.extensions/cafe-ingress created
replicationcontroller/coffee-rc created
service/coffee-svc created
replicationcontroller/tea-rc created
service/tea-svc created

Verify app deployment:

kubectl get all -n tea-coffee

NAME                  READY   STATUS    RESTARTS   AGE
pod/coffee-rc-8lrwn   1/1     Running   0          7m19s
pod/coffee-rc-kn65r   1/1     Running   0          7m19s
pod/tea-rc-fhhnz      1/1     Running   0          7m19s
pod/tea-rc-t59cs      1/1     Running   0          7m19s

NAME                              DESIRED   CURRENT   READY   AGE
replicationcontroller/coffee-rc   2         2         2       7m19s
replicationcontroller/tea-rc      2         2         2       7m19s

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/coffee-svc   ClusterIP   10.100.200.223   <none>        80/TCP    7m19s
service/tea-svc      ClusterIP   10.100.200.229   <none>        80/TCP    7m19s

Get the ingress configuration:

kubectl get ingress -n tea-coffee

NAME           HOSTS              ADDRESS         PORTS   AGE
cafe-ingress   cafe.example.com   10.199.41.111   80      8s

Describe the ingress configuration:

kubectl describe ingress cafe-ingress -n tea-coffee

Name:             cafe-ingress
Namespace:        tea-coffee
Address:          10.199.41.111
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  cafe.example.com  
                    /tea      tea-svc:80 (172.16.19.4:80,172.16.19.5:80)
                    /coffee   coffee-svc:80 (172.16.19.2:80,172.16.19.3:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"cafe-ingress","namespace":"tea-coffee"},"spec":{"rules":[{"host":"cafe.example.com","http":{"paths":[{"backend":{"serviceName":"tea-svc","servicePort":80},"path":"/tea"},{"backend":{"serviceName":"coffee-svc","servicePort":80},"path":"/coffee"}]}}]}}

  ncp/internal_ip_for_policy:  100.64.208.63
Events:                        <none>

Access the Coffee-Tea app at http://cafe.example.com/coffee and http://cafe.example.com/tea.

Coffee-Tea App

Coffee-Tea App

For local testing, make sure the following entry is present in the /etc/hosts of the computer accessing the Coffee-Tea app:

/etc/hosts
10.199.41.111 cafe.example.com

Back Up the Coffee-Tea App Using Namespace

velero backup create tea-coffee-backup --include-namespaces tea-coffee

Backup request "tea-coffee-backup" submitted successfully.
Run `velero backup describe tea-coffee-backup` or `velero backup logs tea-coffee-backup` for more details.

Verify the backup:

velero backup get

NAME                        STATUS      ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
tea-coffee-backup           Completed   0        0          2020-07-27 09:16:02 -0700 PDT   29d       default            <none>

Verify backup details:

velero backup describe tea-coffee-backup

Use Velero CRD commands to futher verify the backup:

kubectl get crd
kubectl get backups.velero.io -n velero

NAME                        AGE
tea-coffee-backup           97s
kubectl describe backups.velero.io tea-coffee-backup -n velero

Restore the Coffee-Tea App

Restore the Coffee-Tea app from the backup using Velero.

Delete the namespace:

kubectl delete ns tea-coffee

namespace "tea-coffee" deleted

Verify that the app is removed:

kubectl get ns

Restore the app:

velero restore create --from-backup tea-coffee-backup

Restore request "tea-coffee-backup-20200727092014" submitted successfully.
Run `velero restore describe tea-coffee-backup-20200727092014` or `velero restore logs tea-coffee-backup-20200727092014` for more details.

Verify app restoration:

velero restore get

NAME                               BACKUP              STATUS      ERRORS   WARNINGS   CREATED                         SELECTOR
tea-coffee-backup-20200727092014   tea-coffee-backup   Completed   0        0          2020-07-27 09:20:14 -0700 PDT   <none>

Get app restoration details:

velero restore describe tea-coffee-backup-20200727092014

Name:         tea-coffee-backup-20200727092014
Namespace:    velero
Labels:       <none>
Annotations:  <none>

Phase:  Completed

Backup:  tea-coffee-backup

Namespaces:
  Included:  all namespaces found in the backup
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        nodes, events, events.events.k8s.io, backups.velero.io, restores.velero.io, resticrepositories.velero.io
  Cluster-scoped:  auto

Namespace mappings:  <none>

Label selector:  <none>

Restore PVs:  auto

Check that the namespace is restored.

kubectl get ns
NAME              STATUS   AGE
default           Active   138m
kube-node-lease   Active   138m
kube-public       Active   138m
kube-system       Active   138m
pks-system        Active   121m
tea-coffee        Active   56s
velero            Active   9m24s

Verify that all app objects are restored:

kubectl get all -n tea-coffee

NAME                  READY   STATUS    RESTARTS   AGE
pod/coffee-rc-8lrwn   1/1     Running   0          89s
pod/coffee-rc-kn65r   1/1     Running   0          89s
pod/tea-rc-fhhnz      1/1     Running   0          89s
pod/tea-rc-t59cs      1/1     Running   0          89s

NAME                              DESIRED   CURRENT   READY   AGE
replicationcontroller/coffee-rc   2         2         2       89s
replicationcontroller/tea-rc      2         2         2       89s

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/coffee-svc   ClusterIP   10.100.200.197   <none>        80/TCP    89s
service/tea-svc      ClusterIP   10.100.200.17    <none>        80/TCP    89s

Check ingress:

kubectl get ingress -n tea-coffee

NAME           HOSTS              ADDRESS         PORTS   AGE
cafe-ingress   cafe.example.com   10.199.41.111   80      112s

View ingress details for the restored app:

kubectl describe ingress cafe-ingress -n tea-coffee

Name:             cafe-ingress
Namespace:        tea-coffee
Address:          10.199.41.111
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  cafe.example.com  
                    /tea      tea-svc:80 (172.16.19.2:80,172.16.19.3:80)
                    /coffee   coffee-svc:80 (172.16.19.4:80,172.16.19.5:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"cafe-ingress","namespace":"tea-coffee"},"spec":{"rules":[{"host":"cafe.example.com","http":{"paths":[{"backend":{"serviceName":"tea-svc","servicePort":80},"path":"/tea"},{"backend":{"serviceName":"coffee-svc","servicePort":80},"path":"/coffee"}]}}]}}

  ncp/internal_ip_for_policy:  100.64.208.63
Events:                        <none>

Access the Coffee-Tea app at http://cafe.example.com/tea and http://cafe.example.com/coffee.

Coffee-Tea App

Coffee-Tea App

Conclusions

Key takeaways from the Velero backup and restore operation for this type of application:

  • The namespace ‘tea-coffee’ is automatically recreated by Velero
  • The Kubernetes ingress IP is preserved (10.199.41.111)

Please send any feedback you have to pks-feedback@pivotal.io.