Add v1.11 document.

Signed-off-by: Xun Jiang <blackpiglet@gmail.com>
pull/6070/head
Xun Jiang 2023-04-03 22:02:35 +08:00
parent f9a3d7e2f2
commit 9f460a91e7
8 changed files with 223 additions and 64 deletions

View File

@ -12,7 +12,7 @@ params:
hero:
backgroundColor: med-blue
versioning: true
latest: v1.10
latest: v1.11
versions:
- main
- v1.11

View File

@ -37,6 +37,11 @@ spec:
# asynchronous BackupItemAction operations
# The default value is 1 hour.
itemOperationTimeout: 1h
# resourcePolicy specifies the referenced resource policies that backup should follow
# optional
resourcePolicy:
kind: configmap
name: resource-policy-configmap
# Array of namespaces to include in the backup. If unspecified, all namespaces are included.
# Optional.
includedNamespaces:
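Review bot: The new `resourcePolicy` comment (`# resourcePolicy specifies the referenced resource policies that backup should follow`) does not say where the referenced ConfigMap has to live, while the resource filtering page in this same commit requires it to be created in the Velero install namespace. Suggest stating that requirement here, and writing `# Optional.` so the line matches the capitalised, punctuated form used by the neighbouring field comments.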
@ -72,22 +77,22 @@ spec:
# (for example 'sc' for 'storageclasses'), or fully-qualified. If unspecified,
# no additional cluster-scoped resources are excluded. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
excludedClusterScopeResources: {}
excludedClusterScopedResources: {}
# Array of cluster-scoped resources to include from the backup. Resources may be shortcuts
# (for example 'sc' for 'storageclasses'), or fully-qualified. If unspecified,
# no additional cluster-scoped resources are included. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
includedClusterScopeResources: {}
# Array of namespace resources to exclude from the backup. Resources may be shortcuts
includedClusterScopedResources: {}
# Array of namespace-scoped resources to exclude from the backup. Resources may be shortcuts
# (for example 'cm' for 'configmaps'), or fully-qualified. If unspecified,
# no namespace resources are excluded. Optional.
# no namespace-scoped resources are excluded. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
excludedNamespacedResources: {}
# Array of namespace resources to include from the backup. Resources may be shortcuts
excludedNamespaceScopedResources: {}
# Array of namespace-scoped resources to include from the backup. Resources may be shortcuts
# (for example 'cm' for 'configmaps'), or fully-qualified. If unspecified,
# all namespace resources are included. Optional.
# all namespace-scoped resources are included. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
includedNamespacedResources: {}
includedNamespaceScopedResources: {}
# Individual objects must match this label selector to be included in the backup. Optional.
labelSelector:
matchLabels:
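Review bot: The four renamed fields are each documented as `Array of ...` but their sample values are still `{}`, an empty mapping (`excludedClusterScopedResources: {}` through `includedNamespaceScopedResources: {}`). Since these lines are being touched anyway, suggest `[]` or a short list built from the `sc` and `cm` shortcuts the comments mention, so that a manifest copied from this page matches the documented type.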

View File

@ -73,22 +73,22 @@ spec:
# (for example 'sc' for 'storageclasses'), or fully-qualified. If unspecified,
# no additional cluster-scoped resources are excluded. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
excludedClusterScopeResources: {}
excludedClusterScopedResources: {}
# Array of cluster-scoped resources to include from the backup. Resources may be shortcuts
# (for example 'sc' for 'storageclasses'), or fully-qualified. If unspecified,
# no additional cluster-scoped resources are included. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
includedClusterScopeResources: {}
# Array of namespace resources to exclude from the backup. Resources may be shortcuts
includedClusterScopedResources: {}
# Array of namespace-scoped resources to exclude from the backup. Resources may be shortcuts
# (for example 'cm' for 'configmaps'), or fully-qualified. If unspecified,
# no namespace resources are excluded. Optional.
# no namespace-scoped resources are excluded. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
excludedNamespacedResources: {}
# Array of namespace resources to include from the backup. Resources may be shortcuts
excludedNamespaceScopedResources: {}
# Array of namespace-scoped resources to include from the backup. Resources may be shortcuts
# (for example 'cm' for 'configmaps'), or fully-qualified. If unspecified,
# all namespace resources are included. Optional.
# all namespace-scoped resources are included. Optional.
# Cannot work with include-resources, exclude-resources and include-cluster-resources.
includedNamespacedResources: {}
includedNamespaceScopedResources: {}
# Individual objects must match this label selector to be included in the scheduled backup. Optional.
labelSelector:
matchLabels:
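Review bot: The repeated comment `# Cannot work with include-resources, exclude-resources and include-cluster-resources.` names the conflicting options in CLI flag spelling, but this template documents spec fields. Suggest referring to the corresponding spec field names instead, so a reader of the schedule template can find the keys that conflict. The `{}` sample values on fields described as arrays should also become `[]` here.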

View File

@ -92,7 +92,7 @@ The following are test cases that are not currently performed as part of a Veler
- `velero.io/exclude-from-backup=true` label
- Since v1.11, new resource filters are added. The new filters only work for backup, and cannot work with old filters (`--include-resources`, `--exclude-resources` and `--include-cluster-resources`). Need to verify backups correctly apply the following new resource filters:
- `--exclude-cluster-scope-resources`
- `--include-cluster-scope-resources`
- `--exclude-namespaced-resources`
- `--include-namespaced-resources`
- `--exclude-cluster-scoped-resources`
- `--include-cluster-scoped-resources`
- `--exclude-namespace-scoped-resources`
- `--include-namespace-scoped-resources`
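Review bot: The list of new filters to verify is updated for the renamed flags but has no entry for `--resource-policies-configmap`, which this commit documents on the resource filtering page. Suggest adding a test case that a backup created with that flag skips the volumes matched by a policy and still backs up the rest. The sentence `cannot work with old filters` could also state what is expected when old and new filters are passed together, so the tester knows whether to look for a validation error.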

View File

@ -3,9 +3,11 @@ title: "Resource filtering"
layout: docs
---
*Filter objects by namespace, type, or labels.*
*Filter objects by namespace, type, labels or resource policies.*
This page describes how to use the include and exclude flags with the `velero backup` and `velero restore` commands. By default Velero includes all objects in a backup or restore when no filtering options are used.
This page describes how to filter resource for backup and restore.
User could use the include and exclude flags with the `velero backup` and `velero restore` commands. And user could also use resource policies to handle backup.
By default, Velero includes all objects in a backup or restore when no filtering options are used.
## Includes
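Review bot: The new intro lines (`This page describes how to filter resource for backup and restore.` and `User could use ...`) are ungrammatical and overstate the scope, since the Resource policies section added further down says policies currently only skip volume backup. Suggest: `This page describes how to filter resources for backup and restore. You can use the include and exclude flags with the velero backup and velero restore commands, and you can use resource policies to skip volumes during backup.`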
@ -31,7 +33,7 @@ Namespaces to include. Default is `*`, all namespaces.
### --include-resources
Kubernetes resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use `*` for all resources). Cannot work with `--include-cluster-scope-resources`, `--exclude-cluster-scope-resources`, `--include-namespaced-resources` and `--exclude-namespaced-resources`.
Kubernetes resources to include in the backup, formatted as resource.group, such as storageclasses.storage.k8s.io (use `*` for all resources). Cannot work with `--include-cluster-scoped-resources`, `--exclude-cluster-scoped-resources`, `--include-namespace-scoped-resources` and `--exclude-namespace-scoped-resources`.
* Backup all deployments in the cluster.
@ -53,7 +55,7 @@ Kubernetes resources to include in the backup, formatted as resource.group, such
### --include-cluster-resources
Includes cluster-scoped resources. Cannot work with `--include-cluster-scope-resources`, `--exclude-cluster-scope-resources`, `--include-namespaced-resources` and `--exclude-namespaced-resources`. This option can have three possible values:
Includes cluster-scoped resources. Cannot work with `--include-cluster-scoped-resources`, `--exclude-cluster-scoped-resources`, `--include-namespace-scoped-resources` and `--exclude-namespace-scoped-resources`. This option can have three possible values:
* `true`: all cluster-scoped resources are included.
@ -99,35 +101,35 @@ Includes cluster-scoped resources. Cannot work with `--include-cluster-scope-res
For more information read the [Kubernetes label selector documentation](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
### --include-cluster-scope-resources
### --include-cluster-scoped-resources
Kubernetes cluster-scoped resources to include in the backup, formatted as resource.group, such as `storageclasses.storage.k8s.io`(use '*' for all resources). Cannot work with `--include-resources`, `--exclude-resources` and `--include-cluster-resources`. This parameter only works for backup, not for restore.
* Backup all StorageClasses and ClusterRoles in the cluster.
```bash
velero backup create <backup-name> --include-cluster-scope-resources="storageclasses,clusterroles"
velero backup create <backup-name> --include-cluster-scoped-resources="storageclasses,clusterroles"
```
* Backup all cluster-scoped resources in the cluster.
```bash
velero backup create <backup-name> --include-cluster-scope-resources="*"
velero backup create <backup-name> --include-cluster-scoped-resources="*"
```
### --include-namespaced-resources
### --include-namespace-scoped-resources
Kubernetes namespace resources to include in the backup, formatted as resource.group, such as `deployments.apps`(use '*' for all resources). Cannot work with `--include-resources`, `--exclude-resources` and `--include-cluster-resources`. This parameter only works for backup, not for restore.
* Backup all Deployments and ConfigMaps in the cluster.
```bash
velero backup create <backup-name> --include-namespaced-resources="deployments.apps,configmaps"
velero backup create <backup-name> --include-namespace-scoped-resources="deployments.apps,configmaps"
```
* Backup all namespace resources in the cluster.
```bash
velero backup create <backup-name> --include-namespaced-resources="*"
velero backup create <backup-name> --include-namespace-scoped-resources="*"
```
## Excludes
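Review bot: The headings and commands now say `namespace-scoped`, but the unchanged descriptions under `### --include-namespace-scoped-resources` still read `Kubernetes namespace resources to include` and `Backup all namespace resources in the cluster`. Suggest changing both to `namespace-scoped resources`, as the API comments in this commit already do, and adding the missing space before `(use '*' for all resources)` in both flag descriptions.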
@ -154,7 +156,7 @@ Namespaces to exclude.
### --exclude-resources
Kubernetes resources to exclude, formatted as resource.group, such as storageclasses.storage.k8s.io. Cannot work with `--include-cluster-scope-resources`, `--exclude-cluster-scope-resources`, `--include-namespaced-resources` and `--exclude-namespaced-resources`.
Kubernetes resources to exclude, formatted as resource.group, such as storageclasses.storage.k8s.io. Cannot work with `--include-cluster-scoped-resources`, `--exclude-cluster-scoped-resources`, `--include-namespace-scoped-resources` and `--exclude-namespace-scoped-resources`.
* Exclude secrets from the backup.
@ -172,32 +174,150 @@ Kubernetes resources to exclude, formatted as resource.group, such as storagecla
* Resources with the label `velero.io/exclude-from-backup=true` are not included in backup, even if it contains a matching selector label.
### --exclude-cluster-scope-resources
### --exclude-cluster-scoped-resources
Kubernetes cluster-scoped resources to exclude from the backup, formatted as resource.group, such as `storageclasses.storage.k8s.io`(use '*' for all resources). Cannot work with `--include-resources`, `--exclude-resources` and `--include-cluster-resources`. This parameter only works for backup, not for restore.
* Exclude StorageClasses and ClusterRoles from the backup.
```bash
velero backup create <backup-name> --exclude-cluster-scope-resources="storageclasses,clusterroles"
velero backup create <backup-name> --exclude-cluster-scoped-resources="storageclasses,clusterroles"
```
* Exclude all cluster-scoped resources from the backup.
```bash
velero backup create <backup-name> --exclude-cluster-scope-resources="*"
velero backup create <backup-name> --exclude-cluster-scoped-resources="*"
```
### --exclude-namespaced-resources
### --exclude-namespace-scoped-resources
Kubernetes namespace resources to exclude from the backup, formatted as resource.group, such as `deployments.apps`(use '*' for all resources). Cannot work with `--include-resources`, `--exclude-resources` and `--include-cluster-resources`. This parameter only works for backup, not for restore.
* Exclude all Deployments and ConfigMaps from the backup.
```bash
velero backup create <backup-name> --exclude-namespaced-resources="deployments.apps,configmaps"
velero backup create <backup-name> --exclude-namespace-scoped-resources="deployments.apps,configmaps"
```
* Exclude all namespace resources from the backup.
```bash
velero backup create <backup-name> --exclude-namespaced-resources="*"
velero backup create <backup-name> --exclude-namespace-scoped-resources="*"
```
## Resource policies
Velero provides resource policies to filter resources to do backup or restore. currently, it only supports skip backup volume by resource policies.
**Creating resource policies**
Below is the two-step of using resource policies to skip backup of volume:
1. Creating resource policies configmap
Users need to create one configmap in Velero install namespace from a YAML file that defined resource policies. The creating command would be like the below:
```bash
kubectl create cm <configmap-name> --from-file <yaml-file> -n velero
```
2. Creating a backup reference to the defined resource policies
Users create a backup with the flag `--resource-policies-configmap`, which will reference the current backup to the defined resource policies. The creating command would be like the below:
```bash
velero backup create --resource-policies-configmap <configmap-name>
```
This flag could also be combined with the other include and exclude filters above
**YAML template**
Velero only support volume resource policies currently, other kinds of resource policies could be extended in the future. The policies YAML config file would look like this:
- Yaml template:
```yaml
# currently only supports v1 version
version: v1
volumePolicies:
# each policy consists of a list of conditions and an action
# we could have lots of policies, but if the resource matched the first policy, the latters will be ignored
# each key in the object is one condition, and one policy will apply to resources that meet ALL conditions
# NOTE: capacity or storageClass is suited for [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes), and pod [Volume](https://kubernetes.io/docs/concepts/storage/volumes) not support it.
- conditions:
# capacity condition matches the volumes whose capacity falls into the range
capacity: "10,100Gi"
# pv matches specific csi driver
csi:
driver: aws.ebs.csi.driver
# pv matches one of the storage class list
storageClass:
- gp2
- standard
action:
type: skip
- conditions:
capacity: "0,100Gi"
# nfs volume source with specific server and path (nfs could be empty or only config server or path)
nfs:
server: 192.168.200.90
path: /mnt/data
action:
type: skip
- conditions:
nfs:
server: 192.168.200.90
action:
type: skip
- conditions:
# nfs could be empty which matches any nfs volume source
nfs: {}
action:
type: skip
- conditions:
# csi could be empty which matches any csi volume source
csi: {}
action:
type: skip
```
**Supported conditions**
Currently, Velero supports the volume attributes listed below:
- capacity: matching volumes have the capacity that falls within this `capacity` range. The capacity value should include the lower value and upper value concatenated by commas, the unit of each value in capacity could be `Ti`, `Gi`, `Mi`, `Ki` etc, which is a standard storage unit in Kubernetes. And it has several combinations below:
- "0,5Gi" or "0Gi,5Gi" which means capacity or size matches from 0 to 5Gi, including value 0 and value 5Gi
- ",5Gi" which is equal to "0,5Gi"
- "5Gi," which means capacity or size matches larger than 5Gi, including value 5Gi
- "5Gi" which is not supported and will be failed in validating the configuration
- storageClass: matching volumes those with specified `storageClass`, such as `gp2`, `ebs-sc` in eks
- volume sources: matching volumes that used specified volume sources. Currently we support nfs or csi backend volume source
Velero supported conditions and format listed below:
- capacity
```yaml
# match volume has the size between 10Gi and 100Gi
capacity: "10Gi,100Gi"
```
- storageClass
```yaml
# match volume has the storage class gp2 or ebs-sc
storageClass:
- gp2
- ebs-sc
```
- volume sources (currently only support below format and attributes)
1. Specify the volume source name, the name could be `nfs`, `rbd`, `iscsi`, `csi` etc, but Velero only support `nfs` and `csi` currently.
```yaml
# match any volume has nfs volume source
nfs : {}
# match any volume has csi volume source
csi : {}
```
2. Specify details for the related volume source (currently we only support csi driver filter and nfs server or path filter)
```yaml
# match volume has csi volume source and using `aws.efs.csi.driver`
csi:
driver: aws.efs.csi.driver
# match volume has nfs volume source and using below server and path
nfs:
server: 192.168.200.90
path: /mnt/nfs
```
For volume provisioned by [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes) support all above attributes, but for pod [Volume](https://kubernetes.io/docs/concepts/storage/volumes) only support filtered by volume source.
**Resource policies rules**
- Velero already has lots of include or exclude filters. the resource policies are the final filters after others include or exclude filters in one backup processing workflow. So if use a defined similar filter like the opt-in approach to backup one pod volume but skip backup of the same pod volume in resource policies, as resource policies are the final filters that are applied, the volume will not be backed up.
- If volume resource policies conflict with themselves the first matched policy will be respected when many policies are defined.
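Review bot: In the YAML template the first policy uses `capacity: "10,100Gi"`, a lower bound with no unit, while the format example further down uses `capacity: "10Gi,100Gi"` for a size between 10Gi and 100Gi; read as a plain Kubernetes quantity a bare `10` is 10 bytes, so the template as written would match, and skip, nearly every volume up to 100Gi. Suggest `"10Gi,100Gi"` in the template, or a comment saying the bare number is intended. The driver names `aws.ebs.csi.driver` and `aws.efs.csi.driver` are not the names the AWS CSI drivers register (`ebs.csi.aws.com`, `efs.csi.aws.com`), so a condition copied from here would never match. Because the only action is `skip` and the first matching policy wins, the rules section should also tell users how to confirm which volumes a policy excluded, since a broad condition such as `nfs: {}` silently removes data from the backup. Step 2's command `velero backup create --resource-policies-configmap <configmap-name>` omits `<backup-name>`, unlike the other examples on the page, and the intro sentence needs a capital on `currently`.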

View File

@ -52,6 +52,12 @@ Because of how Kubernetes handles Service objects of `type=LoadBalancer`, when y
Alternatively, you might be able to use the Service's `spec.loadBalancerIP` field to keep connections valid, if your cloud provider supports this value. See [the Kubernetes documentation about Services of Type LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).
## Known issue with restoring resources when Admission webhooks are enabled
The [Admission webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) may forbid a resource to be created based on the input, it may optionally mutate the input as well.
Because velero calls the API server to restore resources, it is possible that the admission webhooks are invoked and cause unexpected failures, depending on the implementation and the configuration of the webhooks.
To work around such issue, you may disable the webhooks or create a restore item action plugin to modify the resources before they are restored.
## Miscellaneous issues
### Velero reports `custom resource not found` errors when starting up.
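Review bot: The workaround sentence `To work around such issue, you may disable the webhooks ...` offers disabling admission webhooks without qualification, and those webhooks are often what enforces security policy on the cluster. Suggest listing the restore item action plugin first, and saying that if a webhook is disabled it should be only the one that blocks the restore, only for the duration of the restore, and re-enabled afterwards. The first sentence is also a comma splice (`... based on the input, and may optionally mutate the input as well` reads better), and `velero` should be capitalised as `Velero`.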

View File

@ -5,23 +5,23 @@ layout: docs
## Prerequisites
- Velero [v1.10.x][6] installed.
- Velero [v1.10.x][5] installed.
If you're not yet running at least Velero v1.6, see the following:
- [Upgrading to v1.5][1]
- [Upgrading to v1.6][2]
- [Upgrading to v1.7][3]
- [Upgrading to v1.8][4]
- [Upgrading to v1.9][5]
- [Upgrading to v1.10][6]
- [Upgrading to v1.6][1]
- [Upgrading to v1.7][2]
- [Upgrading to v1.8][3]
- [Upgrading to v1.9][4]
- [Upgrading to v1.10][5]
Before upgrading, check the [Velero compatibility matrix](https://github.com/vmware-tanzu/velero#velero-compatibility-matrix) to make sure your version of Kubernetes is supported by the new version of Velero.
## Instructions
**Caution:** From Velero v1.10, except for using restic to do file-system level backup and restore, kopia is also been integrated, so there would be a little bit of difference when upgrading to v1.10 from a version lower than v1.10.0.
**Caution:** From Velero v1.10, except for using restic to do file-system level backup and restore, kopia is also been integrated, it could be upgraded from v1.10 to v1.11 directly, but it would be a little bit of difference when upgrading to v1.11 from a version lower than v1.10.0.
### Upgrade from version lower than v1.10.0
1. Install the Velero v1.11 command-line interface (CLI) by following the [instructions here][0].
Verify that you've properly installed it by running:
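Review bot: The rewritten Caution sentence is hard to parse: `except for using restic` should be `in addition to restic`, `kopia is also been integrated` is ungrammatical, and the sentence never says what differs for installs older than v1.10.0. Suggest: `From Velero v1.10, kopia is integrated alongside restic for file-system level backup and restore. Upgrading from v1.10 to v1.11 is direct; upgrading from a version lower than v1.10.0 needs the extra changes in step 3 below.` The unchanged line `If you're not yet running at least Velero v1.6` also no longer fits a page whose prerequisite is v1.10.x.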
@ -38,26 +38,36 @@ Before upgrading, check the [Velero compatibility matrix](https://github.com/vmw
Git commit: <git SHA>
```
1. Update the Velero custom resource definitions (CRDs) to include schema changes across all CRDs that are at the core of the new features in this release:
2. Update the Velero custom resource definitions (CRDs) to include schema changes across all CRDs that are at the core of the new features in this release:
```bash
velero install --crds-only --dry-run -o yaml | kubectl apply -f -
```
1. Update the container image used by the Velero deployment and, optionally, the restic daemon set:
**NOTE:** Since velero v1.10.0 only v1 CRD will be supported during installation, therefore, the v1.10.0 will only work on kubernetes version >= v1.16
3. Update the container image and objects fields used by the Velero deployment and, optionally, the restic daemon set:
```bash
kubectl set image deployment/velero \
velero=velero/velero:v1.11.0 \
--namespace velero
# uploader_type value could be restic or kopia
kubectl get deploy -n velero -ojson \
| sed "s#\"image\"\: \"velero\/velero\:v[0-9]*.[0-9]*.[0-9]\"#\"image\"\: \"velero\/velero\:v1.11.0\"#g" \
| sed "s#\"server\",#\"server\",\"--uploader-type=$uploader_type\",#g" \
| sed "s#default-volumes-to-restic#default-volumes-to-fs-backup#g" \
| sed "s#default-restic-prune-frequency#default-repo-maintain-frequency#g" \
| sed "s#restic-timeout#fs-backup-timeout#g" \
| kubectl apply -f -
# optional, if using the restic daemon set
kubectl set image daemonset/restic \
restic=velero/velero:v1.11.0 \
--namespace velero
echo $(kubectl get ds -n velero restic -ojson) \
| sed "s#\"image\"\: \"velero\/velero\:v[0-9]*.[0-9]*.[0-9]\"#\"image\"\: \"velero\/velero\:v1.11.0\"#g" \
| sed "s#\"name\"\: \"restic\"#\"name\"\: \"node-agent\"#g" \
| sed "s#\[ \"restic\",#\[ \"node-agent\",#g" \
| kubectl apply -f -
kubectl delete ds -n velero restic --force --grace-period 0
```
1. Confirm that the deployment is up and running with the correct version by running:
4. Confirm that the deployment is up and running with the correct version by running:
```bash
velero version
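Review bot: In step 3 the `sed` pipeline expands `$uploader_type`, but the block only carries the comment `# uploader_type value could be restic or kopia` and never sets the variable, so a copy-paste run injects an empty `--uploader-type=` argument into the server deployment. Suggest an explicit assignment line before the pipeline, or a check that the variable is set. The image pattern `v[0-9]*.[0-9]*.[0-9]` leaves the dots unescaped and allows only one patch digit, so it silently misses a two-digit patch release or an image pulled through a private registry path, and `kubectl get deploy -n velero` without a name feeds every deployment in the namespace through the rewrite. The added NOTE still says `the v1.10.0 will only work on kubernetes version >= v1.16` on a page written for v1.11.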
@ -73,17 +83,35 @@ Before upgrading, check the [Velero compatibility matrix](https://github.com/vmw
Server:
Version: v1.11.0
```
### Upgrade from v1.10
If it's directly upgraded from v1.10, the other steps remain the same only except for step 3 above. The details as below:
3. Update the container image used by the Velero deployment, plugin and, optionally, the node agent daemon set:
```bash
# set the container and image of the init container for plugin accordingly,
# if you are using other plugin
kubectl set image deployment/velero \
velero=velero/velero:v1.11.0 \
velero-plugin-for-aws=velero/velero-plugin-for-aws:v1.7.0 \
--namespace velero
# optional, if using the node agent daemonset
kubectl set image daemonset/node-agent \
node-agent=velero/velero:v1.11.0 \
--namespace velero
```
## Notes
If upgraded from v1.9.x, there still remains some resources left over in the cluster and never used in v1.10.x and later, which could be deleted through kubectl and it is based on your desire:
If upgraded from v1.9.x, there still remains some resources left over in the cluster and never used in v1.11.x, which could be deleted through kubectl and it is based on your desire:
- resticrepository CRD and related CRs
- velero-restic-credentials secret in velero install namespace
[0]: basic-install.md#install-the-cli
[1]: https://velero.io/docs/v1.5/upgrade-to-1.5
[2]: https://velero.io/docs/v1.6/upgrade-to-1.6
[3]: https://velero.io/docs/v1.7/upgrade-to-1.7
[4]: https://velero.io/docs/v1.8/upgrade-to-1.8
[5]: https://velero.io/docs/v1.9/upgrade-to-1.9
[6]: https://velero.io/docs/v1.10/upgrade-to-1.10
[1]: https://velero.io/docs/v1.6/upgrade-to-1.6
[2]: https://velero.io/docs/v1.7/upgrade-to-1.7
[3]: https://velero.io/docs/v1.8/upgrade-to-1.8
[4]: https://velero.io/docs/v1.9/upgrade-to-1.9
[5]: https://velero.io/docs/v1.10/upgrade-to-1.10
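Review bot: The Notes paragraph leaves removal of the `velero-restic-credentials secret in velero install namespace` to `based on your desire`, although that secret is a stored repository credential which the page itself says is never used after the upgrade. Suggest recommending its deletion once the upgrade has been verified, and giving the `kubectl` commands for it and for the `resticrepository` CRD and CRs. The edit from `never used in v1.10.x and later` to `never used in v1.11.x` also drops `and later`, which narrows the statement for no visible reason.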

View File

@ -13,8 +13,8 @@ toc:
url: /basic-install
- page: Customize Installation
url: /customize-installation
- page: Upgrade to 1.10
url: /upgrade-to-1.10
- page: Upgrade to 1.11
url: /upgrade-to-1.11
- page: Supported providers
url: /supported-providers
- page: Evaluation install