Backup API 概览

Kubernetes 的设计初衷就是为了实现可扩展性。您可以向 Kubernetes 集群添加新的 API,例如 Backup API 和 GKE Backup Agent API。这些 API 符合统一的 API 模型,即 Kubernetes 资源模型 (KRM)。

这些 API 使用 Kubernetes 自定义资源,并依赖于 KRM。这些 API 用于管理备份的生命周期,以及创建备份代码库、政策和方案。

Service 端点

以下网址是 Backup KRM API 的 API 端点:

https://MANAGEMENT_API_SERVER_ENDPOINT/apis/backup.gdc.goog/v1

以下网址是 GKE Backup Agent API 的 API 端点:

https://MANAGEMENT_API_SERVER_ENDPOINT/apis/gkebackup.gke.io/v1

MANAGEMENT_API_SERVER_ENDPOINT 替换为 Management API 服务器的端点。

发现文档

使用 kubectl proxy --port=8001 命令在本地计算机上打开 API 服务器的代理。然后,您可以通过以下网址之一访问发现文档:

  • http://127.0.0.1:8001/apis/backup.gdc.goog/v1
  • http://127.0.0.1:8001/apis/gkebackup.gke.io/v1

ClusterBackupPlan 资源示例

下面是一个 ClusterBackupPlan 资源示例:

apiVersion: backup.gdc.goog/v1
kind: ClusterBackupPlan
metadata:
  name: backup-plan
  namespace: project-namespace
spec:
  targetCluster:
    targetClusterType: UserCluster
    targetClusterName:
      kind: "Cluster"
      name: "cluster-sample"
  backupSchedule:
    cronSchedule: "*/30 * * * *"
    paused: false
  clusterBackupConfig:
    backupScope:
      selectedNamespaces:
        namespaces: ["nginx"]
    clusterBackupRepositoryName: backup-repository
  retentionPolicy:
    backupDeleteLockDays: 10
    backupRetainDays: 10

ProtectedApplication 资源示例

下面是一个 ProtectedApplication 资源示例:

apiVersion: gkebackup.gke.io/v1
kind: ProtectedApplication
metadata:
  name: protected-application-test
  namespace: applications
spec:
  applicationName: protectedApplication
  resourceSelection:
    type: Selector
    selector:
      matchLabels:
        app: protected
  components:
    - name: protect-application-deployment
      resourceKind: Deployment
      resourceNames:
        - protected-application-deployment
      strategy:
        type: BackupAllRestoreAll

ClusterBackupRepository 资源示例

下面是一个 ClusterBackupRepository 资源示例:

apiVersion: backup.gdc.goog/v1
kind: ClusterBackupRepository
metadata:
  name: user-1-user
  namespace: user-1-user-cluster
spec:
    secretReference:
        namespace: "object-storage-secret-ns"
        name: "object-storage-secret"
    endpoint: "https://objectstorage.google.gdch.test"
    type: "S3"
    s3Options:
      bucket: "fully-qualified-bucket-name"
      region: "us-east-1"
      forcePathStyle: true
    importPolicy: "ReadWrite"