备份

The user can setup a S3 or NFS type backupstore to store the backups of Longhorn volumes.

If the user doesn’t have access to AWS S3 or want to give a try first, we’ve also provided a way to setup a local S3 testing backupstore备份 - 图1 using Minio备份 - 图2.

Setup AWS S3 backupstore

  1. Create a new bucket in AWS S3.

  2. Follow the guide备份 - 图3 to create a new AWS IAM user, with the following permissions set:

  1. {
  2.     "Version": "2012-10-17",
  3.     "Statement": [
  4.         {
  5.             "Sid": "GrantLonghornBackupstoreAccess0",
  6.             "Effect": "Allow",
  7.             "Action": [
  8.                 "s3:PutObject",
  9.                 "s3:GetObject",
  10.                 "s3:ListBucket",
  11.                 "s3:DeleteObject"
  12.             ],
  13.             "Resource": [
  14.                 "arn:aws:s3:::<your-bucket-name>",
  15.                 "arn:aws:s3:::<your-bucket-name>/*"
  16.             ]
  17.         }
  18.     ]
  19. }
  1. Create a Kubernetes secret with a name such as aws-secret in the namespace where longhorn is placed(longhorn-system by default). Put the following keys in the secret:
  1. AWS_ACCESS_KEY_ID: <your_aws_access_key_id>
  2. AWS_SECRET_ACCESS_KEY: <your_aws_secret_access_key>
  1. Go to the Longhorn UI and set Settings/General/BackupTarget to
  1. s3://<your-bucket-name>@<your-aws-region>/

Pay attention that you should have / at the end, otherwise you will get an error.

  1. Set Settings/General/BackupTargetSecret to
  1. aws-secret

Your secret name with AWS keys from 3rd point.

Setup a local testing backupstore

We provides two testing purpose backupstore based on NFS server and Minio S3 server for testing, in ./deploy/backupstores.

Use following command to setup a Minio S3 server for BackupStore after longhorn-system was created.

  1. kubectl --kubeconfig=kube_configxxx.yml create  -f https://raw.githubusercontent.com/rancher/longhorn/master/deploy/backupstores/minio-backupstore.yml

Now set Settings/General/BackupTarget to

  1. s3://backupbucket@us-east-1/backupstore

And Setttings/General/BackupTargetSecret to

  1. minio-secret

Click the Backup tab in the UI, it should report an empty list without error out.

The minio-secret yaml looks like this:

  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4.   namespace: longhorn-system
  5. type: Opaque
  6. data:
  7.   AWS_ACCESS_KEY_ID: bG9uZ2hvcm4tdGVzdC1hY2Nlc3Mta2V5 # longhorn-test-access-key
  8.   AWS_SECRET_ACCESS_KEY: bG9uZ2hvcm4tdGVzdC1zZWNyZXQta2V5 # longhorn-test-secret-key
  9.   AWS_ENDPOINTS: aHR0cDovL21pbmlvLXNlcnZpY2UuZGVmYXVsdDo5MDAw # http://minio-service.default:9000

Notice the secret must be created in the longhorn-system namespace for Longhorn to access.

NFS backupstore

For using NFS server as backupstore, NFS server must support NFSv4.

The target URL would looks like:

  1. nfs://longhorn-test-nfs-svc.default:/opt/backupstore

You can find an example NFS backupstore for testing purpose here备份 - 图4.