Backup and Restore Stateful App with Static IP for Ingress
Page last updated:
This topic describes how to use Velero to backup and restore a stateful application with ingress and a static IP address.
Overview
This topic describes how to use Velero to backup and restore a stateful application with ingress and a static IP address.
The application we are going to use to demonstrate this scenario is the Cafe stateless app. Kubernetes ingress provides a layer 7 load balancer. In this case the IP address must be static.
Prerequisites
TKGI cluster is created with static IP set from floating IP pool.
Create and apply network profile for DNS lookup of the Kuberentes API server and the fixed IP address. For example:
{
"name": "dns-lookup-api-ingress",
"description": "Network Profile for DNS Lookup - API and INGRESS",
"parameters": {
"fip_pool_ids": [
"970e09f1-6f28-4457-b069-5c40d145f4e3"
],
"dns_lookup_mode": "API_INGRESS",
"ingress_prefix": "ingress"
}
}
Install and configure Minio, Velero, and Restic.
Download the Coffee-Tea app YAML files to a local known directory:
- coffee-rc.yml
- tea-rc.yml
- coffee-svc.yml
- tea-svc.yml
- cafe-ingress-http.yml
Deploy the Coffee-Tea App
Create the Namespace for the application:
kubectl create ns tea-coffee
namespace/tea-coffee created
Deploy the Tea-Coffee app:
kubectl apply -f . -n tea-coffee
ingress.extensions/cafe-ingress created
replicationcontroller/coffee-rc created
service/coffee-svc created
replicationcontroller/tea-rc created
service/tea-svc created
Verify app deployment:
kubectl get all -n tea-coffee
NAME READY STATUS RESTARTS AGE
pod/coffee-rc-8lrwn 1/1 Running 0 7m19s
pod/coffee-rc-kn65r 1/1 Running 0 7m19s
pod/tea-rc-fhhnz 1/1 Running 0 7m19s
pod/tea-rc-t59cs 1/1 Running 0 7m19s
NAME DESIRED CURRENT READY AGE
replicationcontroller/coffee-rc 2 2 2 7m19s
replicationcontroller/tea-rc 2 2 2 7m19s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/coffee-svc ClusterIP 10.100.200.223 <none> 80/TCP 7m19s
service/tea-svc ClusterIP 10.100.200.229 <none> 80/TCP 7m19s
Get the ingress configuration:
kubectl get ingress -n tea-coffee
NAME HOSTS ADDRESS PORTS AGE
cafe-ingress cafe.example.com 10.199.41.111 80 8s
Describe the ingress configuration:
kubectl describe ingress cafe-ingress -n tea-coffee
Name: cafe-ingress
Namespace: tea-coffee
Address: 10.199.41.111
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
cafe.example.com
/tea tea-svc:80 (172.16.19.4:80,172.16.19.5:80)
/coffee coffee-svc:80 (172.16.19.2:80,172.16.19.3:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"cafe-ingress","namespace":"tea-coffee"},"spec":{"rules":[{"host":"cafe.example.com","http":{"paths":[{"backend":{"serviceName":"tea-svc","servicePort":80},"path":"/tea"},{"backend":{"serviceName":"coffee-svc","servicePort":80},"path":"/coffee"}]}}]}}
ncp/internal_ip_for_policy: 100.64.208.63
Events: <none>
Access the Coffee-Tea app at http://cafe.example.com/coffee and http://cafe.example.com/tea.
For local testing, make sure the following entry is present in the /etc/hosts of the computer accessing the Coffee-Tea app:
/etc/hosts
10.199.41.111 cafe.example.com
Back Up the Coffee-Tea App Using Namespace
velero backup create tea-coffee-backup --include-namespaces tea-coffee
Backup request "tea-coffee-backup" submitted successfully.
Run `velero backup describe tea-coffee-backup` or `velero backup logs tea-coffee-backup` for more details.
Verify the backup:
velero backup get
NAME STATUS ERRORS WARNINGS CREATED EXPIRES STORAGE LOCATION SELECTOR
tea-coffee-backup Completed 0 0 2020-07-27 09:16:02 -0700 PDT 29d default <none>
Verify backup details:
velero backup describe tea-coffee-backup
Use Velero CRD commands to futher verify the backup:
kubectl get crd
kubectl get backups.velero.io -n velero
NAME AGE
tea-coffee-backup 97s
kubectl describe backups.velero.io tea-coffee-backup -n velero
Restore the Coffee-Tea App
Restore the Coffee-Tea app from the backup using Velero.
Delete the namespace:
kubectl delete ns tea-coffee
namespace "tea-coffee" deleted
Verify that the app is removed:
kubectl get ns
Restore the app:
velero restore create --from-backup tea-coffee-backup
Restore request "tea-coffee-backup-20200727092014" submitted successfully.
Run `velero restore describe tea-coffee-backup-20200727092014` or `velero restore logs tea-coffee-backup-20200727092014` for more details.
Verify app restoration:
velero restore get
NAME BACKUP STATUS ERRORS WARNINGS CREATED SELECTOR
tea-coffee-backup-20200727092014 tea-coffee-backup Completed 0 0 2020-07-27 09:20:14 -0700 PDT <none>
Get app restoration details:
velero restore describe tea-coffee-backup-20200727092014
Name: tea-coffee-backup-20200727092014
Namespace: velero
Labels: <none>
Annotations: <none>
Phase: Completed
Backup: tea-coffee-backup
Namespaces:
Included: all namespaces found in the backup
Excluded: <none>
Resources:
Included: *
Excluded: nodes, events, events.events.k8s.io, backups.velero.io, restores.velero.io, resticrepositories.velero.io
Cluster-scoped: auto
Namespace mappings: <none>
Label selector: <none>
Restore PVs: auto
Check that the namespace is restored.
kubectl get ns
NAME STATUS AGE
default Active 138m
kube-node-lease Active 138m
kube-public Active 138m
kube-system Active 138m
pks-system Active 121m
tea-coffee Active 56s
velero Active 9m24s
Verify that all app objects are restored:
kubectl get all -n tea-coffee
NAME READY STATUS RESTARTS AGE
pod/coffee-rc-8lrwn 1/1 Running 0 89s
pod/coffee-rc-kn65r 1/1 Running 0 89s
pod/tea-rc-fhhnz 1/1 Running 0 89s
pod/tea-rc-t59cs 1/1 Running 0 89s
NAME DESIRED CURRENT READY AGE
replicationcontroller/coffee-rc 2 2 2 89s
replicationcontroller/tea-rc 2 2 2 89s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/coffee-svc ClusterIP 10.100.200.197 <none> 80/TCP 89s
service/tea-svc ClusterIP 10.100.200.17 <none> 80/TCP 89s
Check ingress:
kubectl get ingress -n tea-coffee
NAME HOSTS ADDRESS PORTS AGE
cafe-ingress cafe.example.com 10.199.41.111 80 112s
View ingress details for the restored app:
kubectl describe ingress cafe-ingress -n tea-coffee
Name: cafe-ingress
Namespace: tea-coffee
Address: 10.199.41.111
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
cafe.example.com
/tea tea-svc:80 (172.16.19.2:80,172.16.19.3:80)
/coffee coffee-svc:80 (172.16.19.4:80,172.16.19.5:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"cafe-ingress","namespace":"tea-coffee"},"spec":{"rules":[{"host":"cafe.example.com","http":{"paths":[{"backend":{"serviceName":"tea-svc","servicePort":80},"path":"/tea"},{"backend":{"serviceName":"coffee-svc","servicePort":80},"path":"/coffee"}]}}]}}
ncp/internal_ip_for_policy: 100.64.208.63
Events: <none>
Access the Coffee-Tea app at http://cafe.example.com/tea and http://cafe.example.com/coffee.
Conclusions
Key takeaways from the Velero backup and restore operation for this type of application:
- The namespace ‘tea-coffee’ is automatically recreated by Velero
- The Kubernetes ingress IP is preserved (10.199.41.111)
Please send any feedback you have to pks-feedback@pivotal.io.